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(57) To provide a data providing system able to pro- 
tect the interests of interested parties of a data providing 
apparatus. The content provider 101 distributes a se- 
cure container 1 04 storing content data encrypted using 
content key data, content key data encrypted using dis- 
tribution key data, and encrypted usage control policy 



data showing handling of the content data to a SAM 
105^ of a user home network 103. The SAM 105^ etc. 
decrypts the content key data and usage control policy 
data stored in the secure container 1 04 and detemnines 
the handling such as the purchase form and usage form 
of the content data based on the decrypted usage con- 
trol policy data. 
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Description 

TECHNICAL FIELD 

[0001] The present invention relates to a data provid- 
ing system providing content data and a method of 
same, a data providing apparatus, and a data process- 
ing apparatus. 

BACKGROUND ART 

[0002] There is a data providing system for distribut- 
ing encrypted content data to data processing appara- 
tuses of users concluding predetermined contracts and 
having the related data processing apparatuses decrypt 
and reproduce and record the content data. 
[0003] As one of such data providing systems, there 
is the conventional EMD (electronic music distribution) 
system for distributing music data. 
[0004] Figure 145 is a view of the configuration of a 
conventional EMD system 700. 

[0005] In the EMD system 700 shown in Fig. 145, con- 
tent providers 701a and 701b encrypt content data 
704a, 704b, and 704c and copyright information 705a, 
705b, and 705c by session key data obtained after mu- 
tual certification and supply them to a service provider 
71 0 on-line or supply by off-line. Here, the copyright in- 
formation 705a, 705b, and 705c include for example 
SCMS (serial copy management system) infomnatlon, 
electronic watermark information requesting burying in 
the content data, and information concerning the copy- 
right requesting burying in a transmission protocol of the 
service provider 710. 

[0006] The service provider 71 0 decrypts the received 
content data 704a, 704b, and 704c and copyright infor- 
mation 705a, 705b, and 705c by using the session key 
data. 

[0007] Then, the service provider 71 0 buries the cop- 
yright information 705a, 705b, and 705c in the content 
data 704a, 704b, and 704c decrypted or received off- 
line to produce content data 707a, 707b, and 707c. At 
this time, the service provider 710 changes predeter- 
mined frequency domains of for example the electronic 
watermark information among the copyright information 
705a, 705b, and 705c and buries them in the content 
data 704a, 704b, and 704c and buries the SCMS infor- 
mation in a network protocol used when transmitting the 
related content data to the user. 

[0008] Further, the service provider 71 0 encrypts the 
content data 707a, 707b, and 707c by using content key 
data Kca, Kcb, and Kcc read out from a key database 
706. Thereafter, the service provider 71 0 encrypts a se-. 
cure container 722 storing the encrypted content data 
707a, 707b, and 707c by the session key data obtained 
after the mutual certification and transmits the same to 
a CA (conditional access) module 711 existing in a ter- 
minal 709 of the user 

[0009] The CA module 71 1 decrypts the secure con- 



tainer 722 by using the session key data. Also, the CA 
module 71 1 receives the content key data Kca, Kcb. and 
Kcc from the key database 706 of the service provider 
710 by using a charge function such as an electronic 

5 settlement and CA and decrypts them by using the ses- 
sion key data. By this, in the tenninal 709, it becomes 
possible to decrypt the content data 707a, 707b, and 
707c by using the content key data Kca, Kcb, and Kcc. 
[0010] At this time, the CA module 711 performs 

10 charge processing in units of content, produces charge 
infomnation 721 in accordance with a result of this, and 
encrypts this by the session key data and then transmits 
the same to a right clearing module 720 of the service 
provider 710. 

15 [0011] In this case, the CA module 711 collects items 
to be managed by the service provider 710 concerning 
services provided by itself, that is. the contract (update) 
infonnation and the monthly basic fee and other network 
rent of the users, performs the charge processing in 

20 units of the content, and ensure security of a physical 
layer of the network. 

[0012] The service provider 710 performs distributes 
profit among the service provider 71 0 and the content 
providers 701a, 701b, and 701c when receiving the 

25 charge infomnation 721 from the CA module 711 . 

[0013] At this time, the profit is distributed from the 
service provider 710 to the content providers 701a, 
701 b, and 701 c via for example the JASRAC (Japanese 
Society for Rights of Authors, Composers, and Publish- 

30 ers) . Also, the profit of the content provider is distributed 
to copyright owner, an artist, a song writer, and/or com- 
poser of the related content data and their affiliated pro- 
duction companies by the JASRAC. 
[0014] Also, in the terminal 709, when recording the 

35 content data 707a, 707b, and 707c decrypted by using 
the content key data Kca, Kcb, and Kcc in a RAM type 
storage medium 723 or the like, copying is controlled by 
rewriting SCMS bits of the copyright information 705a, 
705b, and 705c. Namely, on the user side, copying is 

40 controlled based on the SCMS bits buried in the content 
data 707a, 707b, and 707c to achieve protection of the 
copyright. 

[0015] The SCMS prohibits copying of the content da- 
ta over for example two generations. Copying of one 
45 generation can be carried out without restriction, how- 
ever, so there is a problem of insufficient protection of 
the copyright owner 

[0016] Also, in the EMD system 700, the content data 
not encrypted by the service provider 71 0 can be tech- 
no nically freely handled, so interested parties of the con- 
tent provider 710 must monitor actions etc. of the service 
provider 710, so there are problems in that the load of 
the related monitoring is large and, at the same time, 
there is a high possibility of improper toss of the profit 
55 of the content provider 701 . 

[0017] Also, in the EMD system 700, it is difficult to 
restrict acts of the tenninal 709 of the user authoring the 
content data distributed from the service provider 710 
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and redistributing the same to another terminal etc., so 
there is the problem of the improper loss of the profit of 
the content provider 701 . 

DISCLOSURE THE INVENTION 5 

[0018] The present invention was made in consider- 
ation with the problems of the related art mentioned 
above and has as an object thereof to provide a data 
providing system capable of adequately protecting the 
profit of right holders (interested parties) of the content 
provider and a method of the same. 
[0019] Also, another object of the present invention is 
to provide a data providing system capable of reducing 
the load of inspection for protecting the profit of the right 
holders of the content provider and a method of the 
same. 

[0020] To solve the problems of the prior art men- 
tioned above and achieve the above objects, a data pro- 
viding system of a first aspect of the present invention 
is preferably a data providing system for distributing 
content data from a data providing apparatus to a data 
processing apparatus and managing the data providing 
apparatus and the data processing apparatus by a man- 
agement apparatus, wherein the management appara- 
tus produces a key file storing encrypted content key 
data and encrypted usage control policy data Indicating 
handling of the content data, the data providing appara- 
tus provides the content data encrypted by using the 
content key data, and the data processing apparatus de- 
crypts the content key data and the usage control policy 
data stored in the key file and determines the handling 
of the content data based on the related decrypted us- 
age control policy data. 

[0021] The mode of operation of the data providing 
system of the first aspect of the present invention be- 
comes as follows. 

[0022] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related key file is 
sent to the data providing apparatus. 
[0023] Then, the content data encrypted by using the 
content key data is provided from the data providing ap- 
paratus to the data processing apparatus. 
[0024] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the key file are decrypted, and the handling of 
the content data is determined based on the related de- 
crypted usage control policy data. 
[0025] Also, a data providing system of a second as- 
pect of the present invention is a data providing system 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 



data indicating handling of the content data, the data 
providing apparatus distributes a module storing a con- 
tent file storing the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus to the data processing apparatus, 
and the data processing apparatus decrypts the content 
key data and the usage control policy data stored in the 
distributed module and determines the handling of the 
content data based on the related decrypted usage con- 
trol policy data. 

[0026] The mode of operation of the data providing 
system of the second aspect of the present invention 
becomes as follows. 

[0027] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced. 

[0028] Then, the related produced key file is distribut- 
ed from the management apparatus to the data provid- 
ing apparatus. 

[0029] Then, the module storing the content file stor- 
ing the content data encrypted by using the content key 
data and the key file received from the management ap- 
paratus is distributed from the data providing apparatus 
to the data processing apparatus. 
[0030] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0031] A data providing system of a third aspect of the 
present invention is a data providing system for distrib- 
uting content data from a data providing apparatus to a 
data processing apparatus and managing the data pro- 
viding apparatus and the data processing apparatus by 
a management apparatus, wherein the management 
apparatus produces a key file storing encrypted content 
key data and encrypted usage control policy data indi- 
cating handling of the content data, the data providing 
apparatus distributes a module storing a content file 
containing content data encrypted by using the content 
key data and the key file received from the management 
apparatus to the data processing apparatus, and the da- 
ta processing apparatus decrypts the content key data 
and the usage control policy data stored in the distrib- 
uted module and determines the handling of the content 
data based on the related decrypted usage control pot- 
icy data. 

[0032] The mode of operation of the data providing 
system of the third aspect of the present invention be- 
comes as follows. 

[0033] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
key file is sent to the data providing apparatus. 
[0034] Then, the module storing the content file con- 
taining the content data encrypted by using the content 
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key data and the key file received from the management 
apparatus is distributed from the data providing appara- 
tus to the data processing apparatus. 
[0035] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0036] Also, a data providing system of a fourth as- 
pect of the present invention is a data providing system 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data Indicating handling of the content data, the data 
providing apparatus individually distributes the content 
file storing the content data encrypted by using the con- 
tent key data and the key file received from the manage- 
ment apparatus to the data processing apparatus, and 
the data processing apparatus decrypts the content key 
data and the usage control policy data stored in the dis- 
tributed key file and determines the handling of the con- 
tent data stored in the distributed content file based on 
the related decrypted usage control policy data. 
[0037] The mode of operation of the data providing 
system of the fourth aspect of the present Invention be- 
comes as follows. 

[0038] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data Indicating the handling of 
the content data is produced, and the related produced 
key file is sent to the data providing apparatus. 
[0039] Then, in the data providing apparatus, the con- 
tent file storing the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus are distributed. 
[0040] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the content data stored in the distributed 
content file Is detemnined based on the related decrypt- 
ed usage control policy data. 

[0041] Also, a data providing system of a fifth aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating handling of the content data and distrib- 
utes the related produced key file to the data processing 
apparatus, the data providing apparatus distributes a 
content file storing the content data encrypted by using 
the content key data to the data processing apparatus, 
and the data processing apparatus decrypts the content 



key data and the usage control policy data stored in the 
distributed key file and detemnines the handling of the 
content data stored in the distributed content file based 
on the related decrypted usage control policy data. 
5 [0042] The mode of operation of the data providing 
system of the fifth aspect of the present invention be- 
comes as follows. 

[0043] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
10 ed usage control policy data indicating the handling of 
the content data is produced. 

[0044] The related produced key file is distributed 
from the management apparatus to the data processing 
apparatus. 

15 [0045] Also, the content file storing the content data 
encrypted by using the content key data is distributed 
from the data providing apparatus to the data process- 
ing apparatus. 

[0046] Then, in the data processing apparatus, the 

20 content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the content data stored in the distributed 
content file is determined based on the related decrypt- 
ed usage control policy data. 

25 [0047^ Also, a data providing system of a sixth aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 

30 paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating handling of the content data, the data 
providing apparatus distributes a module storing the 

35 content data encrypted by using the content key data 
and the key file received from the management appara- 
tus to the data processing apparatus, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored In the distributed 

40 module and determines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[0048] The mode of operation of the data providing 
system of the sixth aspect of the present invention be- 
45 comes as follows. 

[0049] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
50 key file Is sent to the data providing apparatus. 

[0050] Then, the module storing the content data en- 
crypted by using the content key data and the key file 
received from the management apparatus is distributed 
from the data providing apparatus to the data process- 
es ing apparatus. 

[0051] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
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handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0052] Also, a data providing system of a seventh as- 
pect of the present invention is a data providing system 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating handling of the content data, the data 
providing apparatus individually distributes the content 
data encrypted by using the content key data and the 
key file received from the management apparatus to the 
data processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the distributed key tile and 
determines the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. . 

[0053] The mode of operation of the data providing 
system of the seventh aspect of the present invention 
becomes as follows. 

[0054] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
key file is sent to the data providing apparatus. 
[0055] Then, the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus are individually distributed from the 
data providing apparatus to the data processing appa- 
ratus. 

[0056] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the distributed content data is determined 
based on the related decrypted usage control policy da- 
ta. 

[0057] Also, a data providing system of an eighth as- 
pect of the present invention is a data providing system 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating handling of the content data and distrib- 
utes the related produced key file to the data processing 
apparatus, the data processing apparatus distributes 
the content data encrypted by using the content key data 
to the data processing apparatus, and the data process- 
ing apparatus decrypts the content key data and the us- 
age control policy data stored in the distributed key file 
and determines the handling of the distributed content 
data based on the related decrypted usage control pol- 
icy data. 

[0058] The mode of operation of the data providing 



system of the eighth aspect of the present invention be- 
comes as follows. 

[0059] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 

5 ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
key file is sent to the data processing apparatus. 
[0060] Also, the content data encrypted by using the 
content key data are distributed from the data providing 

10 apparatus to the data processing apparatus. 

[0061] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the distributed content data is determined 

15 based on the related decrypted usage control policy da- 
ta. 

[0062] Also, a data providing system of a ninth aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 

20 tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces encrypted content key da- 
ta and encrypted usage control policy data indicating 

25 handling of the content data, the data providing appara- 
tus individually distributes the content data encrypted by 
using the content key data, the encrypted content key 
data received from the management apparatus, and the 
encrypted usage control policy data to the data process- 

30 ing apparatus, and the data processing apparatus de- 
crypts the distributed content key data and the usage 
control policy data and determines the handling of the 
content data stored in the distributed content file based 
on the related decrypted usage control policy data. 

35 [0063] The mode of operation of the data providing 
system of the ninth aspect of the present invention be- 
comes as follows. 

[0064] In the management apparatus, the encrypted 
content key data and the encrypted usage control policy 
40 data indicating the handling of the content data are pro- 
duced, and they are sent to the data providing appara- 
tus. 

[0065] Then, the content data encrypted by using the 
content key data and the encrypted content key data 
45 and the encrypted usage control policy data received 
from the management apparatus are individually distrib- 
uted from the data providing apparatus to the data 
processing apparatus. 

[0066] Then, in the data processing apparatus, the 
50 distributed content key data and the usage control policy 
data are decrypted, and the handling of the content data 
stored in the distributed content file is determined based 
on the related decrypted usage control policy data. 
[0067] Also, a data providing system of a 10th aspect 
55 of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 



5 



JDOCID: <FP 



1132838A1 I > 



9 EP 1 132 828 A1 10 



paratus by a management apparatus, wherein the man- 
agement apparatus produces encrypted content key da- 
ta and encrypted usage control policy data indicating 
handling of the content data and distributes the same to 
the data processing apparatus, the data providing ap- 
paratus distributes the content data encrypted by using 
the content key data to the data processing apparatus, 
and the data processing apparatus decrypts the distrib- 
uted content key data and the usage control policy data 
and determines the handling of the distributed content 
data based on the related decrypted usage control pol- 
icy data. 

[0088] The mode of operation of the data providing 
system of the 10th aspect of the present invention be- 
comes as foilows. 

[0069] In the management apparatus, the encrypted 
content key data and the encrypted usage control policy 
data indicating the handling of the content data are pro- 
duced, and they are sent to the data processing appa- 
ratus. 

[0070] Also, the content data encrypted by using the 
content key data are distributed from the data providing 
apparatus to the data processing apparatus. 
[0071] Then, in the data processing apparatus, the 
distributed content key data and the usage control policy 
data are decrypted, and the handling of the distributed 
content data is determined based on the related de- 
crypted usage control policy data. 
[0072] Also, a data providing system of an 11 th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a data processing apparatus, and a manage- 
ment apparatus, wherein the management apparatus 
produces a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, the data providing appara- 
tus provides the content data encrypted by using the 
content key data, the data distribution apparatus distrib- 
utes the provided content data to the data processing 
apparatus, and the data processing apparatus decr/pts 
the content key data and the usage control policy data 
stored in the key file and determines the handling of the 
distributed content data based on the related decrypted 
usage control policy data. 

[0073] The mode of operation of the data providing 
system of the 11th aspect of the present invention be- 
comes as follows. 

[0074] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced. 

[0075] Then, the content data encrypted by using the 
content key data is provided from the data providing ap- 
paratus to the data distribution apparatus. 
[0076] Then, the provided content data is distributed 
from the data distribution apparatus to the data process- 
ing apparatus. 

[0077] Then, in the data processing apparatus, the 



content key data and the usage control policy data 
stored in the key file are decrypted, and the handling of 
the distributed content data is determined based on the 
related decrypted usage control policy data. 

5 [0078] Also, a data providing system of a 12th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 

10 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 

?5 control policy data indicating the handling of the content 
data, the data providing apparatus provides a first mod- 
ule storing a content file storing the content data en- 
crypted by using the content key data and the key file 
received from the management apparatus to the data 

^0 distribution apparatus, the data distribution apparatus 
distributes a second module storing the provided con- 
tent file and the key file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 

25 stored in the distributed second module and detemnines 
the handling of the content data stored in the distributed 
second module based on the related decrypted usage 
control policy data. 

[0079] The mode of operation of the data providing 
30 system of the 12th aspect of the present invention be- 
comes as follows. 

[0080] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 

35 the content data is produced, and the related produced 
key file is sent to the data providing apparatus. 
[0081] Then, the first module storing the content file 
storing the content data encrypted by using the content 
key data and the key file received from the management 

40 apparatus is provided from the data providing apparatus 
to the data distribution apparatus. 
[0082] Then, the second module storing the provided 
content file and the key file is distributed from the data 
distribution apparatus to the data processing apparatus. 

45 [0083] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed second module are decrypted, 
and the handling of the content data stored in the dis- 
tributed second module is determined based on the re- 

50 lated decrypted usage control policy data. 

[0084] Also, a data providing system of a 13th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 

55 data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
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wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus provides a first mod- 
ule storing a content file containing the content data en- 
crypted by using the content key data and a key file re- 
ceived from the management apparatus to the data dis- 
tribution apparatus, the data distribution apparatus dis- 
tributes a second module storing the provided content 
file to the data processing apparatus, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
second module and determines the handling of the con- 
tent data stored in the distributed second module based 
on the related decrypted usage control policy data. 
[0085] Also, a data providing system of a 1 4th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus individually distrib- 
utes a content file storing the content data encrypted by 
using the content key data and the key file received from 
the management apparatus to the data distribution ap- 
paratus, the data distribution apparatus individually dis- 
tributes the distributed content file and key file to the da- 
ta processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0086] Also, a data providing system of a 1 5th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data and dis- 
tributes the related produced key file to the data 
processing apparatus, the data providing apparatus 
provides a content file storing the content data encrypt- 
ed by using the content key data to the data distribution 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the distributed key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 



data. 

[0087] Also, a data providing system of a 1 6th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 

5 to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 

10 wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus provides a first mod- 
ule storing the content data encrypted by using the con- 

is tent key data and the key file received from the manage- 
ment apparatus to the data distribution apparatus, the 
data distribution apparatus distributes a second module 
storing the provided content data and the key file to the 
data processing apparatus, and the data processing ap- 

20 paratus decrypts the content key data and the usage - 
control policy data stored in the distributed second mod- 
ule and determines the handling of the content data 
stored in the distributed second module based on the 
related decrypted usage control policy data. 

25 [0088] Also, a data providing system of a 1 7th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 

30 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 

35 control policy data indicating the handling of the content 
data, the data providing apparatus individually distrib- 
utes the content data encrypted by using the content key 
data and the key file received from the management ap- 
paratus to the data distribution apparatus, the data dis- 

40 tribution apparatus individually distributes the distribut- 
ed content data and the key file to the data distribution 
apparatus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key file and detemnines thehan- 

45 dling of the distributed content data based on the related 
decrypted usage control policy data. 
[0089] Also, a data providing system of an 1 8th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 

50 tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 

55 data indicating the handling of the content data and dis- 
tributes the related produced key file to the data 
processing apparatus, the data processing apparatus 
provides the content data encrypted by using the con- 
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tent key data to the data distribution apparatus, the data 
distribution apparatus distributes the provided content 
data to the data processing apparatus, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the distributed 
content data based on the related decrypted usage con- 
trol policy data. 

[0090] Also, a data providing system of a 1 9th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus provides encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data to the 
data providing apparatus, the data providing apparatus 
individually distributes the content data encrypted by us- 
ing the content key data and the encrypted content key 
data and the encrypted usage control policy data re- 
ceived from the management apparatus to the data dis- 
tribution apparatus, the data distribution apparatus indi- 
vidually distributes the distributed content data, the en- 
crypted content key data, and the encrypted usage con- 
trol policy data to the data distribution apparatus, and 
the data processing apparatus decrypts the distributed 
content key data and the usage control policy data and 
determines the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0091] Also, a data providing system of a 20th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus provides encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data to the 
data processing apparatus, the data providing appara- 
tus provides the content data encrypted by using the 
content key data to the data distribution apparatus, the 
data distribution apparatus distributes the provided con- 
tent data to the data processing apparatus, and the data 
processing apparatus decrypts the distribute the con- 
tent key data and the usage control policy data and de- 
temnines the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0092] Also, a data providing system of a 21 st aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 



ing apparatus, wherein the data providing apparatus 
provides master source data of content to the manage- 
ment apparatus, the management apparatus manages 
the data providing apparatus, the data distribution ap- 

5 paratus, and the data processing apparatus, encrypts 
the provided master source data by using content key 
data to produce content data, produces a content file 
storing the related content data, produces a key file stor- 
ing the encrypted content key data and encrypted usage 

10 control policy data indicating the handling of the content 
data, and provides the content file and the key file to the 
data distribution apparatus, the data distribution appa- 
ratus distributes the provided content file and the key 
file to the data processing apparatus, and the data 

15 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 

20 [0093] Also, a data providing system of a 22nd aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 

25 provides master source data of content to the manage- 
ment apparatus, the management apparatus manages 
the data providing apparatus, the data distribution ap- 
paratus, and the data processing apparatus, encrypts 
the provided master source data by using content key 

30 data to produce content data, produces a content file 
storing the related content data, produces a key file stor- 
ing the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, and provides the content file to the data distribution 

35 apparatus, provides the key file to the data processing 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 

^0 stored in the distributed key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 

[0094] Also, a data providing system of a 23rd aspect 
45 of the present invention Is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 
provides a content file storing encrypted content data 
50 using content key data to the management apparatus, 
the management apparatus manages the data provid- 
ing apparatus, the data distribution apparatus, and the 
data processing apparatus, produces a key file storing 
the encrypted content key data and encrypted usage 
55 control policy data indicating the handling of the content 
data, and provides the content file provided from the da- 
ta providing apparatus and the produced key file to the 
data distribution apparatus, the data distribution appa- 
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ratus distributes the provided content file and the l<ey 
file to the data processing apparatus, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0095] Also, a data providing system of a 24th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 
provides a content file storing encrypted content data 
using content key data to the management apparatus, 
the management apparatus manages the data provid- 
ing apparatus, the data distribution apparatus, and the 
data processing apparatus, produces a key file storing 
the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, provides the content file provided from the data 
providing apparatus to the data distribution apparatus, 
and provides the produced key file to the data process- 
ing apparatus, the data distribution apparatus distrib- 
utes the provided content file to the data processing ap- 
paratus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the provided key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 

[0096] Also, a data providing system of a 25th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 
content file and a key file provided from the manage- 
ment apparatus in the database device, the manage- 
ment apparatus produces the key file storing the en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the related produced key file to the data 
providing apparatus, the data distribution apparatus dis- 
tributes the content file and key file obtained from the 
database device to the data processing apparatus, and 
the data processing apparatus decrypts the content key 
data and the usage control policy data stored in the dis- 
tributed key file and determines the handling of the con- 
tent data stored in the distributed content file based on 
the related decrypted usage control policy data. 
[0097] Also, a data providing system of a 26th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encn/pts content data by using content 



key data, produces a content file storing the related en- 
ciypted content data, and stores the related produced 
content file in the database device, the management ap- 
paratus produces the key file storing the encrypted con- 
5 tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 
the related produced key file to the data distribution ap- 
paratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
10 key file provided from the data distribution apparatus to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
detemiines the handling of the content data stored in 
15 the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0098] Also, a data providing system of a 27th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
20 paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 
25 contentf ile in the database device, the management ap- 
paratus produces the key file storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 
the related produced key file to the data processing ap- 
30 paratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
key file provided from the data distribution apparatus to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
35 control policy data stored in the provided key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0099] Also, a data providing system of a 28th aspect 
40 of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus,' wherein the data providing apparatuses encrypt 
45 content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files and key files 
provided from corresponding management apparatus- 
es in the database device, the management apparatus- 
50 es produce key files storing the encrypted content key 
data and the encrypted usage control policy data indi- 
cating the handling of the content data for the content 
data provided by corresponding data providing appara- 
tuses, and provide the related produced key files to cor- 
55 responding data providing apparatuses, the data distri- 
bution apparatus distributes the content files and key 
files obtained from the database device to the data 
processing apparatus, and the data processing appara- 
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tus decrypts the content key data and the usage control 
policy data stored in the distributed key files and deter- 
mines the handling of the content data stored in the dis- 
tributed content files based on the related decr/pted us- 
age control policy data. 

[0100] Also, a data providing system of a 29th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data for the content data provided by corre- 
sponding data providing apparatuses, and provide the 
related produced key files to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content fifes obtained from the database device and the 
key files provided from the management apparatus to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key files and 
determines the handling of the content data stored in 
the distributed content files based on the related de- 
crypted usage control policy data. 
[0101] Also, a data providing system of a 30th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data for the content data provided by corre- 
sponding data providing apparatuses, and provide the 
related produced key files to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device to the 
data processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the distributed key files and 
detennines the handling of the content data stored in 
the distributed content files based on the related de- 
crypted usage control policy data. 
[01 02] Also, a data providing system of a 31 st aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 



master sources of content data to conresponding man- 
agement apparatuses and store content files and key 
files received from the related management apparatus- 
es in the database, the management apparatuses en- 
5 crypt the master sources received from corresponding 
data providing apparatuses by using content key data, 
produce the content files storing the related encrypted 
content data, produce key files storing the encrypted 
content key data and encrypted usage control policy da- 
^0 ta indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the produced content files and the 
produced key files to con-esponding data providing ap- 
paratuses, the data distribution apparatus distributes 
^5 the content files and key files obtained from the data- 
base device to the data processing apparatus, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored In the dis- 
tributed key files and determines the handling of the con- 
20 tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[01 03] Also, a data providing system of a 32nd aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
25 tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses, and store content files received 
30 from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce the con- 
tent files storing the related encrypted content data. 
35 send the related produced content files to the data pro- 
viding apparatuses, produce key files storing the en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
for the content data provided by corresponding data pro- 
^0 viding apparatuses, and send the produced key files to 
con-esponding data distribution apparatus, the data dis- 
tribution apparatus distributes the content files obtained 
from the database device and the key files provided from 
the management apparatuses to the data processing 
^5 apparatus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 
content files based on the related decrypted usage con- 
50 trol policy data. 

[01 04] Also, a data providing system of a 33rd aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
55 tuses. a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files received 
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from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce the con- 
tent files storing the related encrypted content data, 
send the related produced content files to the data pro- 
viding apparatuses, produce key files storing the en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
for the content data provided by corresponding data pro- 
viding apparatuses, and send the produced key files to 
the data processing apparatus, the data distribution ap- 
paratus distributes the content files obtained from the 
database device and the key files provided from the 
management apparatuses to the data processing appa- 
ratus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the provided key tiles and detennines the han- 
dling of the content data stored in the distributed content 
files based on the related decrypted usage control policy 
data. 

[0105] Also, a data providing method of a first aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, the data 
providing apparatus provides the content data encrypt- 
ed by using the content key data, and the data process- 
ing apparatus decrypts the content key data and the us- 
age control policy data stored in the key file and deter- 
mines the handling of the content data based on the re- 
lated decrypted usage control policy data. 
[0106] Also, a data providing method of a second as- 
pect of the present invention is a data providing method 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the produced key file from the 
management apparatus to the data providing appara- 
tus, distributing a module storing a content file storing 
the content data encrypted by using the content key data 
and the key file distributed from the management appa- 
ratus from the data providing apparatus to the data 
processing apparatus, and in the data processing appa- 
ratus, decrypting the content key data and the usage 
control policy data stored in the distributed module and 
detemnlning the handling of the content data based on 
the related decrypted usage control policy data. 
[0107] Also, a data providing method of a third aspect 
of the present invention is a data providing method for 



distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 

5 steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, distribut- 
ing a module storing a content file containing the content 

10 data encrypted by using the content key data and the 
key file received from the management apparatus to the 
data processing apparatus, and in the data processing 
apparatus, decrypting the content key data and the us- 
age control policy data stored in the distributed module 
and detennining the handling of the content data based 
on the related decrypted usage control policy data. 
[0108] Also, a data providing method of a fourth as- 
pect of the present invention is a data providing method 
for distributing content data from a data providing appa- 

20 ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of , in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 

25 usage control policy data indicating the handling of the 
content data, distributing the related key file from the 
management apparatus to the data providing appara- 
tus, individually distributing a content file storing the 
content data encrypted by using the content key data 

30 and the key file received from the management appara- 
tus from the data providing apparatus to the data 
processing apparatus, and in the data processing appa- 
ratus, decrypting the content key data and the usage 
control policy data stored in the distributed key file and 

35 determining the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0109] Also, a data providing method of a fifth aspect 
of the present invention is a data providing method for 

40 distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 

45 file storing encrypted content key data and encrypted 
usage control policy data Indicating the handling of the 
content data, distributing the related key file from the 
management apparatus to the data processing appara- 
tus, distributing a content file storing the content data 

50 encrypted by using the content key data from the data 
providing apparatus to the data processing apparatus, 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 
stored in the distributed key file and detemnining the 

55 handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

[0110] Also, a data providing method of a sixth aspect 
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of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 5 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, distribut- 
ing a module storing the content data encrypted by using io 
the content key data and the key file received from the 
management apparatus to the data processing appara- 
tus, and in the data processing apparatus, decrypting 
the content key data and the usage control policy data 
stored in the distributed module and detemnining the i5 
handling of the content data based on the related de- 
crypted usage control policy data. 
[0111] Also, a data providing method of a seventh as- 
pect of the present invention is a data providing method 
for distributing content data from a data providing appa- 
ratusto a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus^ preparing a key 
file storing encrypted content key data and encrypted ^5 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, individu- 
ally distributing the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus to the data processing apparatus, so 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 
stored in the distributed key file and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 35 
[01 1 2] Also, a data providing method of an eighth as- 
pect of the present invention is a data providing method 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 40 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the related produced key file 45 
to the data processing apparatus, in the data providing 
apparatus, distributing the content data encrypted by 
using the content key data to the data processing appa- 
ratus, and in the data processing apparatus, decrypting 
the content key data and the usage control policy data 
stored in the distributed key file and detennining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[01 13] Also, a data providing method of a ninth aspect 
of the present invention is a data providing method for 55 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 



paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
in the data providing apparatus, individually distributing 
the content data encrypted by using the content key data 
and the encrypted content key data and the encrypted 
usage control policy data received from the manage- 
ment apparatus to the data processing apparatus, and 
in the data processing apparatus, decrypting the distrib- 
uted content key data and the usage control policy data 
and determining the handling of the content data stored 
in the distributed content file based on the related de- 
crypted usage control policy data. 
[0114] Also, a data providing method of a 10th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
and distributing the same to the data processing appa- 
ratus, in the data providing apparatus, distributing the 
content data encrypted by using the content key data to 
the data processing apparatus, and in the data process- 
ing apparatus, decrypting the distributed content key da- 
ta and the usage control policy data and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0115] Also, a data providing method of an 11th as- 
pect of the present invention is a data providing method 
using a data providing apparatus, a data distribution ap- 
paratus, a data processing apparatus, and a manage- 
ment apparatus, comprising the steps of, in the man- 
agement apparatus, preparing a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, provid- 
ing the content data encrypted by using the content key 
data from the data providing apparatus to the data dis- 
tribution apparatus, in the data distribution apparatus, 
distributing the provided content data to the data 
processing apparatus, and in the data processing appa- 
ratus, decrypting the content key data and the usage 
control policy data stored in the key file and determining 
the handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0116] Also, a data providing method of a 1 2th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
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and encrypted usage control policy data Indicating the 
handling of the content data, distributing the related pro- 
duced key file fronn the management apparatus to the 
data providing apparatus, providing a first module stor- 
ing a content file storing the content data encrypted by 
using the content key data and the key file received from 
the management apparatus from the data providing ap- 
paratus to the data distribution apparatus, and distribut- 
ing a second module storing the provided content file 
and the key file from the data distribution apparatus to 
the data processing apparatus, and in the data process- 
ing apparatus, decrypting the content key data and the 
usage control policy data stored In the distributed sec- 
ond module and determining the handling of the content 
data stored in the distributed second module based on 
the related decrypted usage control policy data. 
[01 1 7] Also, a data providing method of a 1 3th aspect 
of the present invention Is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, providing a first module storing a content file 
containing the content data encrypted by using the con- 
tent key data and a key file received from the manage- 
ment apparatus to the data distribution apparatus, in the 
data distribution apparatus, distributing a second mod- 
ule storing the provided content file to the data process- 
ing apparatus, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed second module and 
determining the handling of the content data stored in 
the distributed second module based on the related de- 
crypted usage control policy data. 
[01 1 8] Also, a data providing method of a 1 4th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data Indicating the 
handling of the content data, distributing the produced 
key file from the management apparatus to the data pro- 
viding apparatus, individually distributing a content file 
storing the content data encrypted by using the content 
key data and the key file received from the management 
apparatus from the data providing apparatus to the data 
distribution apparatus, individually distributing the dis- 



tributed content file and the key file from the data distri- 
bution apparatus to the data distribution apparatus, and 
in the data processing apparatus, decrypting the content 
key data and the usage control policy data stored in the 

5 distributed key file and determining the handling of the 
content data stored In the distributed content file based 
on the related decrypted usage control policy data. 
[01 19] Also, a data providing method of a 1 5th aspect 
of the present invention is a data providing method for 

10 distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 

15 file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the related produced key file 
from the management apparatus to the data processing 
apparatus, providing a content file storing the content 

20 data encrypted by using the content key data from the 
data providing apparatus to the data distribution appa- 
ratus, and distributing the provided content file from the 
data distribution apparatus to the data processing ap- 
paratus, and in the data processing apparatus, decry pt- 

25 ing the content key data and the usage control policy 
data stored in the distributed key file and determining 
the handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

30 [01 20] Also, a data providing method of a 1 6th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content, 
data from the data distribution apparatus to a data 

35 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 

40 and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, providing afirst module storing thecontent data 
encrypted by using the content key data and the key file 
received from the management apparatus to the data 

45 distribution apparatus, in the data distribution appara- 
tus, distributing a second module storing the provided 
content data and the key file to the data processing ap- 
paratus, and in the data processing apparatus, decrypt- 
ing the content key data and the usage control policy 

50 data stored in the distributed second module and deter- 
mining the handling of the content data stored in the dis- 
tributed second module based on the related decrypted 
usage control policy data. 

[01 21] Also, a data providing method of a 1 7th aspect 
55 of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 



13 



;docid: <ep 



1132828A1 I > 



processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a nnanagement apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 5 
and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, individually distributing the content data en- 
crypted by using the content key data and the key file 
received from the management apparatus to the data fo 
distribution apparatus, in the data distribution appara- 
tus, individually distributing the distributed content data 
and the key file to the data distribution apparatus, and 
in the data processing apparatus, decrypting the content 
key data and the usage control policy data stored in the i5 
distributed key file and determining the handling of the 
distributed content data based on the related decrypted 
usage control policy data. 

[0122] Also, a data providing method of an 18th as- 
pect of the present invention is a data providing method 20 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 25 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, and distributing the related produced key 
file to the data processing apparatus, in the data provid- 
ing apparatus, providing the content data encrypted by 50 
using the content key data to the data distribution appa- 
ratus, in the data distribution apparatus, distributing the 
provided content data to the data processing apparatus, 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 35 
stored in the distributed key file and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0123] Also, a data providing method of a 1 9th aspect 
of the present invention is a data providing method for 40 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data ^5 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
providing encrypted content key data and encrypted us- 
age control policy data indicating the handling of the 
content data to the data providing apparatus, in the data 
providing apparatus, individually distributing the content 
data encrypted by using the content key data and the 
encrypted content key data and the encrypted usage 
control policy data which are received from the manage- 
ment apparatus to the data distribution apparatus, in the 55 
data distribution apparatus, individually distributing the 
distributed content data, the encrypted content key data, 
and the encrypted usage control policy data to the data 



distribution apparatus, and in the data processing appa- 
ratus, decrypting the distributed content key data and 
the usage control policy data and detenmining the han- 
dling of the distributed content data based on the related 
decrypted usage control policy data. 
[01 24] Also, a data providing method of a 20th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
distributing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data to the data processing apparatus, in the 
data providing apparatus, distributing the content data 
encrypted by using the content key data to the data dis- 
tribution apparatus, in the data distribution apparatus, 
distributing the provided content data to the data 
processing apparatus, and in the data processing appa- 
ratus, decrypting the distributed content key data and 
the usage control policy data and detemnining the han- 
dling of the distributed content data based on the related 
decrypted usage control policy data. 
[0125] Also, a data providing method of a 21st aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides master source data of content to the management 
apparatus, the management apparatus manages the 
data providing apparatus, the data distribution appara- 
tus, and the data processing apparatus, encrypts the 
provided master source data by using content key data 
to produce content data, produces a content file storing 
the related content data, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the content file and the key file to the data 
distribution apparatus, the data distribution apparatus 
distributes the provided content file and the key file to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
detennines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[01 26] Also, a data providing method of a 22nd aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides master source data of content to the management 
apparatus, the management apparatus manages the 
data providing apparatus, the data distribution appara- 
tus, and the data processing apparatus, encrypts the 
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provided master source data by using content key data 
to produce content data, produces a content file storing 
the related content data, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the content file to the data distribution ap- 
paratus and provides the key file to the data processing 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the provided key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 

[0127] Also, a data providing method of a 23rd aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides a content file storing encrypted content data using 
content key data to the management apparatus, the 
management apparatus manages the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
provides the content file provided from the data provid- 
ing apparatus and the produced key file to the data dis- 
tribution apparatus, the data distribution apparatus dis- 
tributes the provided content file and the key file to the 
data processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
detennines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[01 28] Also, a data providing method of a 24th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides a content file storing encrypted content data using 
content key data to the management apparatus, the 
management apparatus manages the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
provides the content file provided from the data provid- 
ing apparatus to the data distribution apparatus, and 
provides the produced key file to the data processing 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the provided key file and determines the han- 
dling of the content data stored In the distributed content 



file based on the related decrypted usage control policy 
data. 

[01 29] Also, a data providing method of a 25th aspect 
of the present invention is a data providing method using 

5 a data providing apparatus, a data distribution appara- 
tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 

10 ed content data, and stores the related produced con- 
tent file and a key file provided from the management 
apparatus in the database device, the management ap- 
paratus produces a key file storing the encrypted con- 
tent key data and encrypted usage control policy data 

T5 indicating the handling of the content data and provides 
the related produced key file to the data providing ap- 
paratus, the data distribution apparatus distributes the 
content file and key file obtained from the database de- 
vice to the data processing apparatus, and the data 

20 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 

25 [01 30] Also, a data providing method of a 26th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 

30 apparatus encrypts content data by using content key 
data, produces a content file stohng the related encrypt- 
ed content data, and stores the related produced con- 
tent file in the database device, the management appa- 
ratus produces a key file storing the encrypted content 

35 key data and encrypted usage control policy data indi- 
cating the handling of the content data and provides the 
related produced key file to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 

40 key file provided from the data distribution apparatus to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
detennines the handling of the content data stored in 

45 the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0131 ] Also, a data providing method of a 27th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 

50 tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 
ed content data, and stores the related produced con- 

55 tent file in the database device, the management appa- 
- ratus produces a key file storing the encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data and provides the 
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related produced key file to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
key file provided from the data distribution apparatus to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored In the provided key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0132] Also, a data providing method of a 28th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files and key files 
provided from corresponding management apparatus- 
es in the database device, the management apparatus- 
es produce the key files storing the encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data for the content 
data provided by corresponding data providing appara- 
tuses and provide the related produced key flies to cor- 
responding data providing apparatuses, the data distri- 
bution apparatus distributes the content files and key 
files obtained from the database device to the data 
processing apparatus, and the data processing appara- 
tus decrypts the content key data and the usage control 
policy data stored in the distributed key files and deter- 
mines the handling of the content data stored in the dis- 
tributed content files based on the related decrypted us- 
age control policy data. 

[0133] Also, a data providing method of a 29th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce the key 
files storing the encrypted content key data and encrypt- 
ed usage control policy data indicating the handling of 
the content data for the content data provided by con-e- 
sponding data providing apparatuses. and provide the 
related produced key files to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device and the 
key files provided from the management apparatuses to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key files and 
detemnines the handling of the content data stored in 
the distributed content files based on the related de- 



crypted usage control policy data. 
[01 34] Also, a data providing method of a 30th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
5 bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 

10 store the related produced content files in the database 
device, the management apparatuses produce the key 
files storing the encrypted content key data and encrypt- 
ed usage control policy data indicating the handling of 
the content data for the content data provided by corre- 

15 spending data providing apparatuses and provide the 
related produced key files to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device to the 
data processing apparatus, and the data processing ap- 

20 paratus decrypts the content key data and the usage 
control policy data stored in the provided key files and 
detemnines the handling of the content data stored in 
,the distributed content files based on the related de- 
crypted usage control policy data. 

25 [01 35] Also, a data providing method of a 31 st aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 

30 tus, wherein the data providing apparatuses provide 
master sources of content data to con-esponding man- 
agement apparatuses and store content files and key 
files received from the related management apparatus- 
es in the database, the management apparatuses en- 

35 crypt the master sources received from corresponding 
data providing apparatuses by using content key data, 
produce content files storing the related encrypted con- 
tent data, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 

40 indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the produced content files and the 
produced key files to corresponding data providing ap- 
paratuses, the data distribution apparatus distributes 

45 the content files and key files obtained from the data- 
base device to the data processing apparatus, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key files and determines the handling of thecon- 

50 tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[0136] Also, a data providing method of a 32nd aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 

55 bution apparatus, a plurality of management apparatus- 
es, a database device^ and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
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agement apparatuses and store content files received 
from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the related produced key files to 
corresponding data distribution apparatus, the data dis- 
tribution apparatus distributes the content files obtained 
from the database device and key files provided from 
the management apparatuses to the data processing 
apparatus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 
content files based on the related decrypted usage con- 
trol policy data. 

[01 37] Also, a data providing method of a 33rd aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files received 
from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and provide the related produced key files to 
the data processing apparatus, the data distribution ap- 
paratus distributes the content files obtained from the 
database device to the data processing apparatus, and 
the data processing apparatus decrypts the content key 
data and the usage control policy data stored in the pro- 
vided key files and determines the handling of the con- 
tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[0138] Also, a data providing system of a 34th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus, wherein the data 
providing apparatus distributes a module storing the 
content data encrypted by using content key data, the 
encrypted content key data, and encrypted usage con- 
trol policy data indicating the handling of the content da- 
ta to the data processing apparatus by using a prede- 



termined communication protocol in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
5 the usage control policy data stored in the distributed 
module and determines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[0139] The mode of operation of the data providing 
10 system of the 34th aspect of the present invention be- 
comes as follows. 

[01 40] The module storing the content data encrypted 
by using the content key data, the encrypted content key 
data, and the encrypted usage control policy data indi- 
es eating the handling of the content data is distributed from 
the data providing apparatus to the data processing ap- 
paratus. 

[0141] At this time, the related module is distributed 
from the data providing apparatus to the data process- 
20 ing apparatus by using a predetermined communication 
protocol in a format not depending upon the related 
communication protocol or while being recorded on a 
storage medium. 

[0142] Then, in the data processing apparatus, the 

25 content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is detennined based on the 
related decrypted usage control policy data. 
[01 43] In this way by storing the usage control policy 

30 data indicating the handling of the related content data 
in the module storing the content data, in the data 
processing apparatus, it becomes possible to handle 
(use) the content data based on the usage control policy 
data produced by the interested parties of the data pro- 

55 viding apparatus. 

[0144] Also, the module is distributed from the data 
providing apparatus to the data processing apparatus 
in the format not depending upon a predetennined com- 
munication protocol, so a compression method, encryp- 

40 tion method, etc. of the content data stored in the mod- 
ule can be freely detennined by the data providing ap- 
paratus. 

[0145] Also, in the data providing system of the 34th 
aspect of the present invention, preferably the module 

45 further storing signature data for verifying a legitimacy 
of a producer and a transmitter of at least one data 
among the content data, the content key data, and the 
usage control policy data is distributed to the data 
processing apparatus. 

50 [0146] Also, in the data providing system of the 34th 
aspect of the present invention, preferably the data pro- 
viding apparatus distributes the module further storing 
at least one data between data for verifying if the related 
data is not tampered with and signature data for verify- 

55 ing if the related data was nomnally certified by a prede- 
termined manager for at least one data among the con- 
tent data, the content key data, and the usage control 
policy data to the data processing apparatus. 
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[0147] Also, in the data providing system of the 34th 
aspect of the present invention, preferably the data 
processing apparatus detemnines a purchase form of 
the content data based on the usage control policy data, 
and where the content data is transferred to another da- . 5 
ta processing apparatus, the signature data indicating 
the legitimacy of the purchaser of the related content 
data and the signature data indicating the legitimacy of 
the transmitter of the related content data are made dif- 
ferent. 10 
[0148] A data providing system of 35th aspect of the 
present invention is a data providing system for distrib- 
uting content data from a data providing apparatus to a 
data processing apparatus and managing the data pro- 
viding apparatus and the data processing apparatus by ^5 
a management apparatus, wherein the management 
apparatus produces a key file storing encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data, the data provid- 
ing apparatus distributes a module storing a content file 
storing the content data encrypted by using the content 
key data and the key file received from the management 
apparatus to the data processing apparatus by using a 
predetermined communication protocol in a format not 
depending upon the related communication protocol or 25 
by recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed module and determines the handling of the con- 
tent data based on the related decrypted usage control 30 
policy data. 

[0149] The mode of operation of the data providing 
system of the 35th aspect of the present invention be- 
comes as follows. 

[0150] In the management apparatus, the key file 35 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced. 

[0151] Then, the related produced key file is distribut- 
ed from the management apparatus to the data provid- 40 
ing apparatus. 

[0152] Then, the module storing the content file stor- 
ing the content data encrypted by using the content key 
data and the key file received from the management ap- 
paratus is distributed from the data providing apparatus 
to the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or 
while being recorded on a storage medium. 
[0153] Then, in the data processing apparatus, the so 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0154] Also, in the data providing system of the 35th 55 
aspect of the present invention, preferably the manage- 
ment apparatus produces signature data for verifying 
the legitimacy of the producer of the key file and produc- 



es the key file further storing the related signature data. 
[0155] Also, in the data providing system of the 35th 
aspect of the present invention, preferably the data pro- 
viding apparatus produces the content key data and the 
usage control policy data and transmrts the same to the 
management apparatus, and the management appara- 
tus produces the key file based on the received content 
key data and usage control policy data and registers the 
related produced key file. 

[0156] Also, a data providing apparatus of the present 
invention is a data providing apparatus which is man- 
aged by a management apparatus and distributes con- 
tent data to a data processing apparatus, receiving a 
key file storing encrypted content key data and encrypt- 
ed usage control policy data indicating the handling of 
the content data from the management apparatus and 
distributing a module storing a content file storing the 
content data encrypted by using the content key data 
and the key file received from the management appara- 
tus to the data processing apparatus. 
[0157] Also, a data processing apparatus of the 
present invention is a data processing apparatus man- 
aged by a management apparatus and utilizing content 
data, receiving a module containing a key file storing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
and a content file storing the content data encrypted by 
using the content key data, determining at least one be- 
tween a purchase form and an usage f omn of the content 
data based on the usage control policy data, and trans- 
mitting a log data indicating the log of the determined at 
least one of the related purchase form and usage form 
to the management apparatus. 

[0158] Also, a data providing system of a 36th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, the data 
providing apparatus distributes a module storing a con- 
tent file containing the content data encrypted by using 
the content key data and the key file received from the 
management apparatus to the data processing appara- 
tus by using a predetermined communication protocol 
in a format not depending upon the related communica- 
tion protocol or recording the same on a storage medi- 
um, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the distributed module and determines the 
handling of the content data based on the related de- 
crypted usage control policy data. 
[0159] The mode of operation of the data providing 
system of the 36th aspect of the present invention be- 
comes as follows. 

[0160] In the management apparatus, the key file 
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storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related key file is 
sent to the data providing apparatus. 
[0161] Then, the module storing the content file con- 
taining the content data encrypted by using the content 
key data and the key file received from the management 
apparatus is distributed from the data providing appara- 
tus to the data processing apparatus by using a prede- 
temnined communication protocol in a format not de- 
pending upon the related communication protocol or 
while being recorded on a storage medium. 
[0162] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[01 63] Also, a data providing system of a 37th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, the data 
providing apparatus individually distributes a content file 
storing the content data encrypted by using the content 
key data and the key file received from the management 
apparatus to the data processing apparatus by using a 
predetermined communication protocol but in a fomnat 
not depending upon the related communication protocol 
or by recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key file and determines the handling of the con- 
tent data stored in the distributed content file based on 
the related decrypted usage control policy data. 
[0164] The mode of operation of the data providing 
system of the 37th aspect of the present invention be- 
comes as follows. In the management apparatus, the 
key file storing the encrypted content key data and the 
encrypted usage control policy data indicating the han- 
dling of the content data is produced, and the related 
key file is sent to the data providing apparatus. 
[0165] Then, in the data processing apparatus, the 
content file storing the content data encrypted by using 
the content key data and the key file received from the 
management apparatus are individually distributed to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or 
while being recorded on a storage medium. 
[0166] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the content data stored in the distributed 
content file is detemnined based on the related decrypt- 



ed usage control policy data. 

[0167] Also, a data providing system of a 38th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 

5 tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 

10 data indicating the handling of the content data and dis- 
tributes the related produced key file to the data 
processing apparatus, the data providing apparatus dis- 
tributes a content file storing the content data encrypted 
by using the content key data to the data processing ap- 

15 paratus by using a predetemnined communication pro- 
tocol but in a format not depending upon the related 
communication protocol or recording the same on a 
storage medium , and the data processing apparatus de- 
crypts the content key data and the usage control policy 

20 data stored in the distributed keyfile and determines the 
handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

[0168] Below, an explanation will be made of the 
25 mode of operation of the data providing system of the 
38th aspect of the present invention. 
[0169] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
30 the content data is produced. 

[0170] The related produced key file is distributed 
from the management apparatus to the data processing 
apparatus. 

[0171] Also, the content file storing the content data 
35 encrypted by using the content key data is distributed 
from the data providing apparatus to the data process- 
ing apparatus by using a predetermined communication 
protocol but in a format not depending upon the related 
communication protocol or v/hile being recorded on a 
40 storage medium. 

[0172] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the content data stored in the distributed 
45 content file is determined based on the related decrypt- 
ed usage control policy data. 

[0173] Also, a data providing system of a 39th aspect 
of the present Invention is a data providing system for 
distributing content data from a data providing appara- 

50 tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 

55 data indicating the handling of the content data, the data 
providing apparatus distributes a module storing the 
content data encrypted by using the content key data 
and the key file received from the management appara- 
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tus to the data processing apparatus by using a prede- 
termined communication protocol but in a fonnat not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
module and detemiines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[0174] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
39th aspect of the present invention. 
[0175] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related key file is 
sent to the data providing apparatus. 
[01 76] Then, the module storing the content data en- 
crypted by using the content key data and the key file 
received from the management apparatus is distributed 
from the data providing apparatus to the data process- 
ing apparatus by using a predetermined communication 
protocol but in a format not depending upon the related 
communication protocol or while being recorded on a 
storage medium. 

[0177] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is detemnined based on the 
related decrypted usage control policy data. 
[0178] Also, a data providing system of a 40th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, the data 
providing apparatus individually distributes the content 
data encrypted by using the content key data and the 
key file received from the management apparatus to the 
data processing apparatus by using a predetermined 
communication protocol but in a format not depending 
upon the related communication protocol or recording 
the same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
determines the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0179] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
40th aspect of the present invention. 
[0180] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related key file is 



sent to the data providing apparatus. 
[01 81 ] Then, the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus are individually distributed from the 
5 data providing apparatus to the data processing appa- 
ratus by using a predetemnined communication protocol 
but in a fonnat not depending upon the related commu- 
nication protocol or while being recorded on a storage 
medium. 

10 [0182] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the distributed content data is determined 
based on the related decrypted usage control policy da- 

?5 ta. 

[01 83] Also, a data providing system of a 41 st aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
^0 data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data and dis- 
25 tributes the related produced key file to the data 
processing apparatus, the data providing apparatus dis- 
tributes the content data encrypted by using the content 
key data to the data processing apparatus by using a 
predetermined communication protocol but in a format 
30 not depending upon the related communication protocol 
or recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key file and detennines the handling of the dis- 
tributed content data based on the related decrypted us- 
age control policy data. 

[0184] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
41st aspect of the present invention. 
[0185] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
key file is distributed to the data processing apparatus. 
[0188] Also, the content data encrypted by using the 
content key data is distributed from the data providing 
apparatus to the data processing apparatus by using a 
predetermined communication protocol but In a format 
not depending upon the related communication protocol 
or while being recorded on a storage medium. 
[0187] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the distributed content data is determined 
based on the related decrypted usage control policy da- 
ta. 

[01 88] Also, a data providing system of a 42nd aspect 
of the present invention is a data providing system for 
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distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agennent apparatus produces encrypted content key da- 
ta and encrypted usage control policy data indicating the 
handling of the content data, the data providing appara- 
tus individually distributes the content data encrypted by 
using the content key data and the encrypted content 
key data and the encrypted usage control policy data 
received from the management apparatus to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and the data processing 
apparatus decrypts the distributed content key data and 
the usage control policy data and detemnines the han- 
dling of the content data stored In the distributed content 
file based on the related decrypted usage control policy 
data. 

[0189] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
42nd aspect of the present invention. 
[0190] In the management apparatus, the encrypted 
content key data and the encrypted usage control policy 
data indicating the handling of the content data are pro- 
duced and are sent to the data providing apparatus. 
[0191] Then, the content data encrypted by using the 
content key data and the encrypted content key data 
and the encrypted usage control policy data received 
from the management apparatus are Individ ually distrib- 
uted from the data providing apparatus to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or while being re- 
corded on a storage medium. 

[0192] Then, in the data processing apparatus, the 
distributed content key data and the usage control policy 
data are decrypted, and the handling of the content data 
stored in the distributed content file is determined based 
on the related decrypted usage control policy data. 
[0193] Also, a data providing system of a 43rd aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces encrypted content key da- 
ta and encrypted usage control policy data indicating the 
handling of the content data and distributes the same to 
the data processing apparatus, the data providing ap- 
paratus distributes the content data encrypted by using 
the content key data to the data processing apparatus 
by using a predetermined communication protocol but 
in a format not depending upon the related communica- 
tion protocol or recording the same on a storage medi- 
um, and the data processing apparatus decrypts the dis- 
tributed content key data and the usage control policy 



data and determines the handling of the distributed con- 
tent data based on the related decrypted usage control 
policy data. 

[0194] Below, an explanation will be made of the 
5 mode of operation of the data providing system of the 
43rd aspect of the' present invention. 
[0195] In the management apparatus, the encrypted 
content key data and the encrypted usage control policy 
data indicating the handling of the content data are pro- 
10 duced and are distributed to the data processing appa- 
ratus. 

[0196] Then, the content data encrypted by using the 
content key data is distributed from the data providing 
apparatus to the data processing apparatus by using a 

15 predetermined communication protocol but in a format 
not depending upon the related communication protocol 
or while being recorded on a storage medium. 
[0197] Then, in the data processing apparatus, the 
distributed content key data and the usage control policy 

20 data are decrypted, and the handling of the distribution 
the content data is determined based on the related de- 
crypted usage control policy data. 
[0198] Also, a data providing system of a 44th aspect 
of the present invention is a data providing system hav- 

25 ing a data providing apparatus, a data distribution ap- 
paratus, and a data processing apparatus, wherein the 
data providing apparatus provides a first module storing 
content data encrypted by using content key data, the 
encrypted content key data, and encrypted usage con- 

30 trol policy data indicating the handling of the content da- 
ta to the data distribution apparatus, the data distribution 
apparatus distributes a second module storing the en- 
crypted content data, content key data, and the usage 
control policy data stored in the provided first module to 

35 the data processing apparatus by using a predeter- 
mined communication protocol but in a fonnat not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 

40 the usage control policy data stored in the distributed 
second module and determines the handling of the con- 
tent data based on the related decrypted usage control 
policy data. 

[0199] Below, an explanation will be made of the 
45 mode of operation of the data providing system of the 
44th aspect of the present invention. 
[0200] The first module storing the content data en- 
crypted by using the content key data, the encrypted 
content key data, and the encrypted usage control pol icy 
50 data indicating the handling of the content data is pro- 
vided from the data providing apparatus to the data dis- 
tribution apparatus by for example using a predeter- 
mined communication protocol but in a fomnat not de- 
pending upon the related communication protocol or 
55 while being recorded on a storage medium. 

[0201 ] Next, the second module storing the encrypted 
content data, content key data, and the usage control 
policy data stored In the provided first module is distrib- 
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uted from the data distribution apparatus to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or while being re- 
corded on a storage medium. 

[0202] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed second module are decrypted, 
and the handling of the content data is determined 
based on the related decrypted usage control policy da- 
ta. 

[0203] In this way, by storing the usage control policy 
data indicating the handling of the related content data 
in the first module and second module storing the con- 
tent data, in the data processing apparatus, it becomes 
possible to have the data processing apparatus perfonn 
the handling (usage) of the content data based on the 
usage control policy data produced by the interested 
parties of the data providing apparatus. 
[0204] Also, the second module is distributed from the 
data distribution apparatus to the data processing ap- 
paratus in a format not depending upon on a predeter- 
mined communication protocol, so the compression 
method and encryption method etc. of the content data 
stored in the second module can be freely determined 
by the data providing apparatus. 

[0205] A data providing system of a 45th aspect of the 
present invention is a data providing system for provid- 
ing content data from a data providing apparatus to a 
data distribution apparatus, distributing the content data 
from the data distribution apparatus to a data processing 
apparatus, and managing the data providing apparatus, 
the data distribution apparatus, and the data processing 
apparatus by a management apparatus, wherein the 
management apparatus produces a key file storing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
the data providing apparatus provides a first module 
storing a content file storing the content data encrypted 
by using the content key data and the key file received 
from the management apparatus to the data distribution 
apparatus, the data distribution apparatus distributes a 
second module storing the provided content file and the 
key file to the data processing apparatus by using a pre- 
detennined communication protocol but In a fonnat not 
depending upon the related communication protocol or 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
second module and detemnines the handling of the con- 
tent data stored in the distributed second module based 
on the related decrypted usage control policy data. 
[0206] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
45th aspect of the present invention. 
[0207] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 



the content data is produced, and the related key file is 
sent to the data providing apparatus. 
[0208] Then, the first module storing the content file 
storing the content data encrypted by using the content 

5 key data and the key file received from the management 
apparatus is provided from the data providing apparatus 
to the data distribution apparatus. 
[0209] Then, the second module storing the provided 
content file and the key file is distributed from the data 

10 distribution apparatus to the data processing apparatus 
by using a predetennined communication protocol but 
in a format not depending upon the related communica- 
tion protocol or while being recorded on a storage me- 
dium. 

15 [0210] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed second module are decrypted, 
and the handling of the content data stored in the dis- 
tributed second module is determined based on the re- 

20 lated decrypted usage control policy data. 

[021 1 ] A data providing system of a 46th aspect of the 
present invention is a data providing system for provid- 
ing content data from a data providing apparatus to a 
data distribution apparatus, distributing the content data 

25 from the data distribution apparatus to a data processing 
apparatus, and managing the data providing apparatus, 
the data distribution apparatus, and the data processing 
apparatus by a management apparatus, wherein the 
management apparatus produces a key file storing en- 

30 crypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
the data providing apparatus provides a first module 
storing a content file containing the content data en- 
crypted by using the content key data and a key file re- 

35 ceived from the management apparatus to the data dis- 
tribution apparatus, the data distribution apparatus dis- 
tributes a second module storing the provided content 
file to the data processing apparatus by using a prede- 
temnined communication protocol but in a fonnat not de- 

40 pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
second module and determines the handling of the con- 

45 tent data stored In the distributed second module based 
on the related decrypted usage control policy data. 
[0212] Also, a data providing system of a 47th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 

50 to a first data distribution apparatus and a second data 
distribution apparatus, distributing the content data from 
the first data distribution apparatus and the second data 
distributiori apparatus to a data processing apparatus, 
and managing the data providing apparatus, the first da- 

55 ta distribution apparatus, the second data distribution 
apparatus, and the data processing apparatus by a 
management apparatus, wherein the management ap- 
paratus produces a key file storing encrypted content 
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key data and encrypted usage control policy data indi- 
cating the handling of the content data, the data provid- 
ing apparatus provides a first module storing a content 
file storing the content data encrypted by using the con- 
tent key data and the key file received from the manage- 
ment apparatus to the first data distribution apparatus 
and the second data distribution apparatus, the first data 
distribution apparatus distributes a second module stor- 
ing the provided content file and the key file to the data 
processing apparatus, the second data distribution ap- 
paratus distributes a third module storing the provided 
content file and the key file to the data processing ap- 
paratus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed second module and the third 
module and determines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[021 3] Also, a data providing system of a 48th aspect 
of the present invention is a data providing system for 
providing first content data from a first data providing 
apparatus to a data distribution apparatus, providing 
second content data from a second data providing ap- 
paratus to the data distribution apparatus, distributing 
the content data from the data distribution apparatus to 
a data processing apparatus, and managing the first da- 
ta providing apparatus, the second data providing ap- 
paratus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a first 
key file storing an encrypted first content key data and 
an encrypted first usage control policy data indicating 
the handling of the first content data and a second key 
file storing an encrypted second content key data and 
an encrypted second usage control policy data indicat- 
ing the handling of the second content data, the first data 
providing apparatus provides a first module storing a 
first content file storing the first content data encrypted 
by using the first content key data and the first key file 
received from the management apparatus to the data 
distribution apparatus, the second data providing appa- 
ratus provides a second module storing a second con- 
tent file storing the second content data encrypted by 
using the second content key data and the second key 
file received from the management apparatus to the da- 
ta distribution apparatus, the data distribution apparatus 
distributes a third module storing the provided first con- 
tent file, the first key file, the second content file, and the 
second key file to the data processing apparatus, and 
the data processing apparatus decrypts the first content 
key data, the second content key data, the first usage 
control policy data, and the second usage control policy 
data stored in the distributed third module, determines 
the handling of the first content data based on the relat- 
ed decrypted first usage control policy data, and deter- 
mines the handling of the second content data based 
on the related decrypted second usage control policy 
data. 



[0214] Also, a data providing system of a 49th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 

5 data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 

10 storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus individually distrib- 
utes a content file storing the content data encrypted by 
using the content key data and the key file received from 

15 the management apparatus to the data distribution ap- 
paratus, the data distribution apparatus individually dis- 
tributes the distributed content file and the key file to the 
data processing apparatus by using a predetemnined 
communication protocol but in a format not depending 

^0 upon the related communication protocol or by record- 
ing the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and detemnines the handling of the content data 

25 stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0215] Also, a data providing system of a 50th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 

30 to a data processing apparatus and managing the data 
providing apparatus and the data processing apparatus 
by a management apparatus, wherein the management 
apparatus produces a key file storing encrypted content 
key data and encrypted usaige control policy data indi- 

55 eating the handling of the content data and distributes 
the related produced key file to the data processing ap- 
paratus, the data providing apparatus distributes a con- 
tent file storing the content data encrypted by using the 
content key data to the data distribution apparatus, the 

40 data distribution apparatus distributes the provided con- 
tent file to the data processing apparatus by using a pre- 
determined communication protocol but in afonnat not 
depending upon the related communication protocol or 
by recording the same on a storage medium, and the 

45 data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key file and determines the handling of the con- 
tent data stored in the distributed content file based on 
the related decrypted usage control policy data. 

50 [0216] Also, a data providing system of a 51 st aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 

55 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
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storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus provides a first mod- 
ule storing the content data encrypted by using the con- 
tent key data and the key file received from the nnanage- 
ment apparatus to the data distribution apparatus, the 
data distribution apparatus distributes a second module 
storing the provided content data and the key file to the 
data processing apparatus by using a predetemnined 
communication protocol but in a fomnat not depending 
upon the related communication protocol or by record- 
ing the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
second module and detemnlnes the handling of the con- 
tent data stored in the distributed second module based 
on the related decrypted usage control policy data. 
[0217] Also, a data providing system of a 52nd aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus individually distrib- 
utes the content data encrypted by usi ng the content key 
data and the key file received from the management ap- 
paratus to the data distribution apparatus, the data dis- 
tribution apparatus Individually distributes the distribut- 
ed content data and the key file to the data distribution 
apparatus by using a predetemnined communication 
protocol but in a fomnat not depending upon the related 
communication protocol or by recording the same on a 
storage medium, and the data processing apparatus de- 
crypts the content key data and the usage control policy 
data stored in the distributed key file and determines the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[021 8] Also, a data providing system of a 53rd aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data processing apparatus, and managing the data 
providing apparatus and the data processing apparatus 
by a management apparatus, wherein the management 
apparatus produces a key file storing encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data and distributes 
the related produced key file to the data processing ap- 
paratus, the data providing apparatus distributes the 
content data encrypted by using the content key data to 
the data distribution apparatus, the data distribution ap- 
paratus distributes the provided content data to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 



the related communication protocol or by recording the 
same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
5 detemnlnes the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0219] Also, a data providing system of a 54th aspect 
of the present invention is a data* providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 

^5 processing apparatus by a management apparatus, 
wherein the management apparatus provides encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data to the 
data providing apparatus, the data providing apparatus 

^0 individually distributes the content data encrypted by us- 
ing the content key data and the encrypted content key 
data and the encrypted usage control policy data re- 
ceived from the management apparatus to the data dis- 
tribution apparatus, the data distribution apparatus dis- 

25 tributes the distributed content data, the encrypted con- 
tent key data, and the encrypted usage control policy 
data to the data distribution apparatus by using a pre- 
determined communication protocol but in a format not 
depending upon the related communication protocol or 

30 recording the same on a storage medium, and the data 
processing apparatus decrypts the distributed content 
key data and the usage control policy data and deter- 
mines the handling of the distributed content data based 
on the related decrypted usage control policy data. 

35 [0220] Also, a data providing system of a 55th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 

40 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus provides encrypt- 
ed content key data and encrypted usage control policy 

45 data indicating the handling of the content data to the 
data processing apparatus, the data providing appara- 
tus provides the content data encrypted by using the 
content key data to the data distribution apparatus, the 
data distribution apparatus distributes the distributed 

5£> provided content data to the data processing apparatus 
by using a predetemnined communication protocol but 
in a format not depending upon the related communica- 
tion protocol or recording the same on a storage medi- 
um, and the data processing apparatus decrypts the dis- 

55 tributed content key data and the usage control policy 
data and determines the handling of the distributed con- 
tent data based on the related decrypted usage control 
policy data. 
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[0221] Also, a data providing system of a 56th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 
provides master source data of content to the manage- 
ment apparatus, the management apparatus manages 
the data providing apparatus, the data distribution ap- 
paratus, and the data processing apparatus, encrypts 
the provided master source data by using content key 
data to produce content data,, produces a content file 
storing the related content data, produces a key file stor- 
ing the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, and provides the content file and the key file to the 
data distribution apparatus, the data distribution appa- 
ratus distributes the provided content file and the key 
file to the data processing apparatus by using a prede- 
termined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0222] Also, in the data providing system of the 56th 
aspect of the present invention, preferably the manage- 
ment apparatus produces a first module storing the con- 
tent file and the key file and provides the related first 
module to the data distribution apparatus, and the data 
distribution apparatus produces a second module stor- 
ing the content file and the key file stored in thef irst mod- 
ule and distributes the related second module to the da- 
ta processing apparatus. 

[0223] Also, in the data providing system of the 56th 
aspect of the present invention, preferably the manage- 
ment apparatus has at least one database among a da- 
tabase for storing and managing the content file, a da- 
tabase for storing and managing the key file, and a da- 
tabase for storing and managing the usage control pol- 
icy data and centrally manages at least one among the 
content file, the key file, and the usage control policy 
data by using a content identifier uniquely allocated to 
the content data. 

[0224] Also, a data providing system of a 57th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 
provides master source data of content to the manage- 
ment apparatus, the management apparatus manages 
the data providing apparatus, the data distribution ap- 
paratus, and the data processing apparatus, encrypts 
the provided master source data by using content key 
data to produce content data, produces a content file 
storing the related content data, produces a key file stor- 
ing the encrypted content key data and encrypted usage 



control policy data indicating the handling of the content 
data, and provides the content file to the data distribution 
apparatus and provides the key file to the data process- 
ing apparatus, the data distribution apparatus distrib- 

5 utes the provided content file to the data processing ap- 
paratus by using a predetemnined communication pro- 
tocol but in a format not depending upon the related 
communication protocol or recording the same on a 
storage medium , and the data processing apparatus de- 

10 crypts the content key data and the usage control policy 
data stored in the provided key file and detemnines the 
handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

15 [0225] Also, a data providing system of a 58th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, amanagementapparatus, and adata process- 
ing apparatus, wherein the data providing apparatus 

20 provides a content file storing encrypted content data 
using content key data to the management apparatus, 
the management apparatus manages the data provid- 
ing apparatus, the data distribution apparatus, and the 
data processing apparatus, produces a key file storing 

25 the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, and provides the content file provided from the da- 
ta providing apparatus and the produced key file to the 
data distribution apparatus, the data distribution appa- 

30 ratus distributes the provided content file and the key 
file to the data processing apparatus by using a prede- 
termined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 

35 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 

40 [0226] Also, a data providing system of a 59th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 

45 provides a content file storing encrypted content data 
using content key data to the management apparatus, 
the management apparatus manages the data provid- 
ing apparatus, the data distribution apparatus, and the 
data processing apparatus, produces a key file storing 

50 the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, provides the content file provided from the data 
providing apparatus to the data distribution apparatus, 
and provides the produced key file to the data process- 

55 ing apparatus, the data distribution apparatus distrib- 
utes the provided content file to the data processing ap- 
paratus by using a predetemnined communication pro- 
tocol but in a format not depending upon the related 
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communication protocol or by recording the sanne on a 
storage medium, and the data processing apparatus de- 
crypts the content l<ey data and the usage control policy 
data stored in the provided key file and detennines the 
handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

[0227] Also, a data providing system of a 60th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 
content file and a key file provided from the manage- 
ment apparatus in the database device, the manage- 
ment apparatus produces a key file storing the encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data and pro- 
vides the related produced key file to the data providing 
apparatus, the data distribution apparatus distributes 
the content file and key file obtained from the database 
device to the data processing apparatus by using a pre- 
determined communication protocol but in a format not 
depending upon the related communication protocol or 
recording the same on a storage medium, and the data 
processing apparatus decr/pts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0228] Also, a data providing system of a 61 st aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 
content file in the database device, the management ap- 
paratus produces a key file storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 
the related produced key file to the data providing ap- 
paratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
key file provided from the data distribution apparatus to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0229] Also, a data providing system of a 62nd aspect 



of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 

5 viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 
contentf lie in the database device, the management ap- 
paratus produces a key file storing the encrypted con- 

10 tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 
the related produced key file to the data processing ap- 
paratus, the data distribution apparatus distributes the 
contentf lie obtained from the database device to the da- 

^5 ta processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 

^0 control policy data stored in the provided key file and 
detemnines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0230] Also, a data providing system of a 63rd aspect 
25 of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
30 content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files and key files 
provided from corresponding management apparatus- 
es in the database device, the management apparatus- 
es es produce key files storing the encrypted content key 
data and encrypted usage control policy data indicating 
the handling of the content data for the content data pro- 
vided by corresponding data providing apparatuses and 
provide the related produced key files to corresponding 
40 data providing apparatuses, the data distribution appa- 
ratus distributes the content files and key files obtained 
from the database device to the data processing appa- 
ratus by using a predetennined communication protocol 
but in a format not depending upon the related commu- 
45 nication protocol or recording the same on a storage me- 
dium, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 
50 content files based on the related decrypted usage con- 
trol policy data. 

[0231] Also, a data providing system of a 64th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
ss tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
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files storing the related encrypted content data, and 
store tlie related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data tor the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device and the 
key files provided from the management apparatuses to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key files and determines the handling of the content data 
stored in the distributed content files based on the relat- 
ed decrypted usage control policy data. 
[0232] Also, a data providing system of a 65th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data for the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device to the 
data processing apparatus by using a predetermined 
communication protocol but in a format not depending 
upon the related communication protocol or recording 
the same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the provided key files and 
determines the handling of the content data stored in 
the distributed content files based on the related de- 
crypted usage control policy data. 
[0233] Also, a data providing system of a 66th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files and key 
files received from the related management apparatus- 
es in the database, the management apparatuses en- 
crypt the master sources received from corresponding 
data providing apparatuses by using content key data, 



produce content files storing the related encrypted con- 
tent data, produce key flies storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
5 tent data provided by corresponding data providing ap- 
paratuses, and send the produced content files and the 
produced key files to corresponding data providing ap- 
paratuses, the data distribution apparatus distributes 
the content files and key files obtained from the data- 
10 base device to the data processing apparatus by using 
a predetermined communication protocol but in a format 
not depending upon the related communication protocol 
or by recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 
15 ta and the usage control policy data stored in the dis- 
tributed key files and determines the handling of thecon- 
tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[0234] Also, a data providing system of a 67th aspect 
20 of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 
25 master sources of content data to corresponding man- 
agement apparatuses and store content files received 
from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
30 paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
35 indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the related produced key files pro- 
vided from the management apparatuses to corre- 
sponding data distribution apparatus, the data distribu- 
te? tion apparatus distributes the content files obtained from 
the database device and key files provided from the 
management apparatuses to the data processing appa- 
ratus by using a predetemnined communication protocol 
but in afomnat not depending upon the related commu- 
45 nication protocol or by recording the same on a storage 
medium, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and detemriines the 
handling of the content data stored in the distributed 
50 contentf lies based on the related decrypted usage con- 
trol policy data, 

[0235] Also, a data providing system of a 68th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
55 tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
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agement apparatuses and store content files received 
from the related managennent apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the related produced key files to 
the data processing apparatus, the data distribution ap- 
paratus distributes the content files obtained from the 
database device to the data processing apparatus by 
using a predetemriined communication protocol but in a 
fomnat not depending upon the related communication 
protocol or by recording the same on a storage medium, 
and the data processing apparatus decrypts the content 
key data and the usage control policy data stored in the 
distributed key files and detennines the handling of the 
content data stored in the provided content files based 
on the related decrypted usage control policy data. 
[0236] Also, a data providing system of a 69th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, and a data processing apparatus, wherein the 
data providing apparatus provides a first module storing 
content data encrypted by using content key data, the 
encrypted content key data, and encrypted usage con- 
trol policy data indicating the handling of the content da- 
ta to the data distribution apparatus, performs charge 
processing In units of the content data based on log data 
received from the data processing: apparatus, and per- 
forms a profit distribution processing for distributing the 
profit paid by interested parties of the data processing 
apparatus to interested parties of the related data pro- 
viding apparatus and interested parties of the data dis- 
tribution apparatus, the data distribution apparatus dis- 
tributes a second module storing the encrypted content 
data, content key data, and usage control policy data 
stored in the provided first module to the data process- 
ing apparatus by using a predetennined communication 
protocol but in a format not depending upon the related 
communication protocol or by recording the same on a 
storage medium, and the data processing apparatus de- 
crypts the content key data and the usage control policy 
data stored in the distributed module, detennines the 
handling of the content data based on the related de- 
crypted usage control policy data, produces the log data 
for the handling of the related content data, and sends 
the related log data to the data providing apparatus. 
[0237] Also, a data providing system of a 70th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, and a management apparatus, wherein the da- 
ta providing apparatus provides content data, the data 
distribution apparatus distributes the content file provid- 



ed from the data providing apparatus or a content file in 
accordance with the content data provided by the data 
providing apparatus provided from the management ap- 
paratus to the data processing apparatus, and the data 
5 processing apparatus decrypts the usage control policy 
data stored in a key file received from the data distribu- 
tion apparatus or the management apparatus, deter- 
mines the handling of the content data stored in the con- 
tent file received from the data distribution apparatus or 
10 the management apparatus based on the related de- 
crypted usage control policy data, and further distributes 
the content file and key file received from the data dis- 
tribution apparatus or the management apparatus to the 
other data processing apparatus. 
15 [0238] Also, a data providing method of a 34th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus, comprising the 
steps of distributing a module storing the content data 

20 encrypted by using content key data, the encrypted con- 
tent key data, and encrypted usage control policy data 
indicating the handling of the content data from the data 
providing apparatus to the data processing apparatus 
by using a predetermined communication protocol but 

25 In a format not depending upon the related communica- 
tion protocol or recording the same on a storage medi- 
um, and in the data processing apparatus, decrypting 
the content key data and the usage control policy data 
stored in the distributed module and determining the 

50 handling of the content data based on the related de- 
crypted usage control policy data. 
[0239] Also, a data providing method of a 35h aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 

35 tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 

40 usage control policy data indicating the handling of the 
content data, distributing the produced key file from the 
management apparatus to the data providing appara- 
tus, and distributing a module storing a content file stor- 
ing the content data encrypted by using the content key 

45 data and the key file distributed from the management 
apparatus from the data providing apparatus to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 

50 same on a storage medium, and in the data processing 
apparatus, decrypting the content key data and the us- 
age control policy data stored in the distributed module 
and determining the handling of the content data based 
on the related decrypted usage control policy data. 

55 [0240] Also, a data providing method of a 36th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
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data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the nrianagement apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 5 
content data, in the data providing apparatus, distribut- 
ing a nnodule storing a contentf ile containing the content 
data encrypted by using the content key data and a key 
file received from the management apparatus to the da- 
ta processing apparatus by using a predetermined com- io 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and in the data processing 
apparatus, decrypting the content key data and the us- 
age control policy data stored in the distributed module ^5 
and determining the handling of the content data based 
on the related decrypted usage control policy data. 
[0241 ] Also, a data providing method of a 37th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 25 
usage control policy data indicating the handling of the 
content data, distributing the related produced key file 
from the management apparatus to the data providing 
apparatus, and individually distributing a content file 
storing the content data encrypted by using the content 30 
key data and the key file distributed from the manage- 
ment apparatus from the data providing apparatus to the 
data processing apparatus by using a predetermined 
communication protocol but in a format not depending 
upon the related communication protocol or recording 35 
the same on a storage medium, and in the data process- 
ing apparatus, decrypting the content key data and the 
usage control policy data stored in the distributed key 
file and determining the handling of the content data 
stored in the distributed content file based on the related 40 
decrypted usage control policy data. 
[0242] Also, a data providing method of a 38th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the ^5 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 50 
content data, distributing the related produced key file 
from the management apparatus to the data processing 
apparatus, and distributing a content file storing the con- 
tent data encrypted by using the content key data from 
the data providing apparatus to the data processing ap- 55 
paratus by using a predetermined communication pro- 
tocol but in a format not depending upon the related 
communication protocol or recording the same on a 



storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed key file and deter- 
mining the handling of the content data stored in the dis- 
tributed content file based on the related decrypted us- 
age control policy data. 

[0243] Also, a data providing method of a 39th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, distribut- 
ing a module storing the content data encrypted by using 
the content key data and the key file received from the 
management apparatus to the data processing appara- 
tus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol or recordingthe same on a storage me- 
dium, and in the data processing apparatus, decrypting 
the content key data and the usage control policy data 
stored in the distributed module and determining the 
handling of the content data based on the related de- 
crypted usage control policy data. 
[0244] Also, a data providing method of a 40th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, individu- 
ally distributing the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus to the data processing apparatus by 
using a predetermined communication protocol but in a 
format not depending upon the related communication 
protocol or recording the same on a storage medium, 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 
stored in the distributed key file and detemnining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0245] Also, a data providing method of a 41 st aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data and distributing the related produced key 



29 



1 132828 A 1 I > 



57 



EP 1 132 828 A1 



58 



file to the data processing apparatus, in the data provid- 
ing apparatus, distributing the content data encrypted 
by using the content key data to the data processing ap- 
paratus by using a predetemriined conamunication pro- 
tocol but in a format not depending upon the related 
communication protocol or recording the same on a 
storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed key file and deter- 
mining the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0246] Also, a data providing method of a 42nd aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
in the data providing apparatus, individually distributing 
the content data encrypted by using the content key data 
and the encrypted content key data and the encrypted 
usage control policy data received from the manage- 
ment apparatus to the data processing apparatus by us- 
ing a predetermined communication protocol but in a 
fomnat not depending upon the related communication 
protocol or recording the same on a storage medium, 
and in the data processing apparatus, decrypting the 
distributed content key data and the usage control policy 
data and determining the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0247] Also, a data providing method of a 43rd aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
and distributing the same to the data processing appa- 
ratus, in the data providing apparatus, distributing the 
content data encrypted by using the content key data to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and in the data 
processing apparatus, decrypting the distributed con- 
tent key data and the usage control policy data and de- 
tenmining the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0248] Also, a data providing method of a 44th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 



tus, and a data processing n-paratus, comprising the 
steps of providing a first module storing content data en- 
crypted by using content key data, encrypted the con- 
tent key data, and encrypted usage control policy data 
5 indicating the handling of the content data from the data 
providing apparatus to the data distribution apparatus, 
distributing a second module storing the encrypted con- 
tent data, content key data, and the usage control policy 
data stored in the provided the first module from the data 

10 distribution apparatus to the data processing apparatus 
by using the content key data to the data processing ap- 
paratus by using a predetemnined communication pro- 
tocol but in a format not depending upon the related 
communication protocol or recording the same on a 

^5 storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed second module and 
detemnining the handling of the content data based on 
the related decrypted usage control policy data. 

20 [0249] Also, a data providing method of a 45th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 

25 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 

30 and encrypted usage control policy data indicating the 
handling of the content data, disti-ibuting the related pro- 
duced key file from the management apparatus to the 
data providing apparatus, providing a first module stor- 
ing a content file storing the content data encrypted by 

35 usingthecontentkey dataandthekeyfilereceivedfrom 
the management apparatus from the data providing ap- 
paratus to the data distribution apparatus, and distribut- 
ing a second module storing the provided content file 
and the key file from the data distribution apparatus to 

^0 the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and in the data 
processing apparatus, decrypting the content key data 
and the usage control policy data stored in the distrib- 
uted second module and detemnining the handling of the 
content data stored in the distributed second module 
based on the related decrypted usage control policy da- 
ta. 

50 [0250] Also, a data providing method of a 46th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 

55 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
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preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, providing a first module storing a content file 
containing the content data encrypted by using the con- 
tent key data and a key file received fronn the manage- 
ment apparatus to the data distribution apparatus, In the 
data distribution apparatus, distributing a second mod- 
ule storing the provided content file to the data process- 
ing apparatus by using a predetermined communication 
protocol but in a format not depending upon the related 
communication protocol or recording the same on a 
storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed second module and 
determining the handling of the content data stored in 
the distributed second module based on the related de- 
crypted usage control policy data. 
[0251 ] Also, a data providing method of a 47th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, distributing the produced 
key file from the management apparatus to the data pro- 
viding apparatus, individually providing a content file 
storing the content data encrypted by using the content 
key data and the key file received from the management 
apparatus from the data providing apparatus to the data 
distribution apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and individually distributing 
the distributed content file and the key file from the data 
distribution apparatus to the data distribution apparatus, 
and In the data processing apparatus, decrypting the 
content key data and the usage control policy data 
stored in the distributed key file and determining the 
handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

[0252] Also, a data providing method of a 48th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus and managing the data 
providing apparatus and the data processing apparatus 
by a management apparatus, comprising the steps of, 
in the management apparatus, preparing a key file stor- 
ing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, distributing the related produced key file from the 
management apparatus to the data processing appara- 



tus, providing a content file storing the content data en- 
crypted by using the content key data from the data pro- 
viding apparatus to the data distribution apparatus, dis- 
tributing the provided content file from the data distribu- 

5 tion apparatus to the data processing apparatus by us- 
ing a predetermined communication protocol but in a 
format not depending upon the related communication 
protocol or recording, the same on a storage medium, 
and in the data processing apparatus, decrypting the 

10 content key data and the usage control policy data 
stored in the distributed key file and detemninlng the 
handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

15 [0253] Also, a data providing method of a 49th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 

20 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 

25 and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, providing a first module storing the content data 
encrypted by usingthecontent key data and the key file 
received from the management apparatus to the data 

30 distribution apparatus, in the data distribution appara- 
tus, distributing a second module storing the provided 
content data and the key file to the data processing ap- 
paratus by using a predetemnlned communication pro- 
tocol but in a format not depending upon the related 

35 communication protocol or recording the same on a 
storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed second module and 
detemninlng the handling of the content data stored in 

40 the distributed second module based on the related de- 
crypted usage control policy data. 
[0254] Also, a data providing method of a 50th aspect 
of the present Invention is a data providing method for 
providing content data from a data providing apparatus 

45 to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 

50 comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, individually providing the content data encrypt- 

55 ed by using the content key data and the key file re- 
ceived from the management apparatus to the data dis- 
tribution apparatus, in the data distribution apparatus, 
individually distributing the distributed content data and 
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the key file to the data distribution apparatus by using a 
predetemnined communication protocol but in a fonnat 
not depending upon the related communication protocol 
or recording the same on a storage medium, and in the 
data processing apparatus, decrypting the content key 
data and the usage control policy data stored in the dis- 
tributed key file and detemiining the handling of the dis- 
tributed content data based on the related decrypted us- 
age control policy data. 

[0255] Also, a data providing method of a 51 st aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus^ preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data and distributing the related produced key 
file to the data processing apparatus, in the data provid- 
ing apparatus, providing the content data encrypted by 
using the content key data to the data distribution appa- 
ratus, in the data distribution apparatus, distributing the 
provided content data to the data processing apparatus, 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 
stored in the distributed key file and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0256] Also, a data providing method of a 52nd aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
providing encrypted content key data and encrypted us- 
age control policy data indicating the handling of the 
content data to the data providing apparatus, in the data 
providing apparatus, individually distributing the content 
data encrypted by using the content key data and the 
encrypted content key data and the encrypted usage 
control policy data received from the management ap- 
paratus to the data distribution apparatus, in the data 
distribution apparatus, individually distributing the dis- 
tributed content data, the encrypted content key, data, 
and the encrypted usage control policy data to the data 
distribution apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and in the data processing 
apparatus, decrypting the distributed content key data 
and the usage control policy data and detemninrng the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0257] Also, a data providing method of a 53rd aspect 



of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
5 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
distributing encrypted content key data and encrypted 

10 usage control policy data indicating the handling of the 
content data to the data processing apparatus, in the 
data providing apparatus, providing the content data en- 
crypted by using the content key data to the data distri- 
bution apparatus, the data distribution apparatus distrib- 

15 uting the provided content data to the data processing 
apparatus by using a predetermined communication 
protocol but in a fonnat not depending upon the related 
communication protocol by recording the same on a 
storage medium, and in the data processing apparatus, 

20 decrypting the distributed content key data and the us- 
age control policy data and determining the handling of 
the distributed content data based on the related de- 
crypted usage control policy data. 
[0258] Also, a data providing method of a 54th aspect 

25 of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides master source data of content to the management 

30 apparatus, the management apparatus manages the 
data providing apparatus, the data distribution appara- 
tus, and the data processing apparatus, encrypts the 
provided master source data by using content key data 
to produce content data, produces a content file storing 

35 the related content data, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the content file and the key file to the data 
distribution apparatus, the data distribution apparatus 

40 distributes the provided content file and the key file to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 

45 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 

50 [0259] Also, a data providing method of a 55th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 

55 vides master source data of content to the management 
apparatus, the management apparatus manages the 
data providing apparatus, the data distribution appara- 
tus, and the data processing apparatus, encrypts the 
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provided master source data by using content key data 
to produce content data, produces a content file storing 
the related content data, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the content file to the data distribution ap- 
paratus and provides the key file to the data processing 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol or by recording the same on a storage 
medium, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the provided key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 

[0260] Also, a data providing method of a 56th aspect 
of the present Invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides a content file storing encrypted content data using 
content key data to the management apparatus, the 
management apparatus manages the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the content file provided from the data pro- 
viding apparatus and the produced key file to the data 
distribution apparatus, the data distribution apparatus 
distributes the provided content file and the key file to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0261] Also, a data providing method of a 57th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides a content file storing encrypted content data using 
content key data to the management apparatus, the 
management apparatus manages the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
provides the content file provided from the data provid- 
ing apparatus to the data distribution apparatus and pro- 
vides the produced key file to the data processing ap- 



paratus, the data distribution apparatus distributes the 
provided content file to the data processing apparatus 
by using a predetermined communication protocol but 
in a format not depending upon the related communica- 

5 tion protocol or by recording the same on a storage me- 
dium, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the provided key file and detennines the han- 
dling of the content data stored in the distributed content 

10 file based on the related decrypted usage control policy 
data. 

[0262] Also, a data providing method of a 58th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 

15 tus, a management apparatus, a database device, and 
adataprocessing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 
ed content data, and stores the related produced con- 

20 tent file and a key file provided from the management 
apparatus in the database device, the management ap- 
paratus produces a key file storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 

25 the related produced key file to the data providing ap- 
paratus, the data distribution apparatus distributes the 
content file and key file obtained from the database de- 
vice to the data processing apparatus by using a prede- 
termined communication protocol but in a format notde- 

30 pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and detennines the handling of the content data 

35 stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0263] Also, a data providing method of a 59th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 

40 tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 
ed content data, and stores the related produced con- 

45 tent file in the database device, the management appa- 
ratus produces a key file storing the encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data and provides the 
related produced key file to the data distribution appa- 

50 ratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
key file provided from the data distribution apparatus to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a fomnat not de- 

55 pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
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key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0264] Also, a data providing method of a 60th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 
ed content data, and stores the related produced con- 
tent file in the database device, the management appa- 
ratus produces a key file storing the encrypted content 
key data and encrypted usage control policy data indi-. 
eating the handling of the content data and provides the 
related produced key file to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content file obtained from the database device to the da- 
ta processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or by recording the 
same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the provided key file and 
detemnines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0265] Also, a data providing method of a 61 st aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files and key files 
provided from corresponding management apparatus- 
es in the database device, the management apparatus- 
es produce key files storing the encrypted content key 
data and encrypted usage control policy data indicating 
the handling of the content data for the content data pro- 
vided by corresponding data providing apparatuses and 
provide the related produced key files to corresponding 
data providing apparatuses, the data distribution appa- 
ratus distributes the content files and key files obtained 
from the database device to the data processing appa- 
ratus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol or by recording the same on a storage 
medium, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and detemnines the 
handling of the content data stored in the distributed 
content files based on the related decrypted usage con- 
trol policy data. 

[0266] Also, a data providing method of a 62nd aspect 
of the present invention Is a data providing method using 
a plurality of data providing apparatuses, a data distri- 



bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
5 files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
10 content data for the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device and the 
15 key files provided from the management apparatuses to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
20 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key files and detemnines the handling of the content data 
stored in the distributed content files based on the relat- 
ed decrypted usage control policy data. 
25 [0267] Also, a data providing method of a 63rd aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
30 tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
55 storing the encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data for the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data processing appa- 
40 ratus, the data distribution apparatus distributes the 
content files obtained from the database device to the 
data processing apparatus by using a predetemiined 
communication protocol but in a format not depending 
upon the related communication protocol or by record- 
45 ing the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the provided key 
files and detennines the handling of the content data 
stored in the distributed content files based on the relat- 
50 ed decrypted usage control policy data. 

[0268] Also, a data providing method of a 64th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es es, a database device^ and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files and key 
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files received from the related management apparatus- 
es in the database, the management apparatuses en- 
crypt the master sources received from con-esponding 
data providing apparatuses by using content key data, 
produce content files storing the related encrypted con- 
tent data, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the produced content files and the 
produced key files to corresponding data providing ap- 
paratuses, the data distribution apparatus distributes 
the content files and key files obtained from the data- 
base device to the data processing apparatus by using 
a predetermined communication protocol but in aformat 
not depending upon the related communication protocol 
or by recording the same on a storage nnedium, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key files and determines the handling of the con- 
tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[0269] Also, a data providing method of a 65th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files received 
from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, send the related produced key files to corre- 
sponding data distribution apparatus, the data distribu- 
tion apparatus distributes the content files obtained from 
the database device and the key files provided from the 
management apparatuses to the data processing appa- 
ratus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol or by recording the same on a storage 
medium, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 
content files based on the related decrypted usage con- 
trol policy data. 

[0270] Also, a data providing method of a 66th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 



es, a database device^ and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to con^esponding man- 
agement apparatuses and store content files received 
5 from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
10 related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
15 paratuses, and provide the related produced key files to 
the data processing apparatus, the data distribution ap- 
paratus distributes the content files obtained from the 
database device to the data processing apparatus by 
using a predetermined communication protocol but in a 
20 format not depending upon the related communication 
protocol or by recording the same on a storage medium, 
and the data processing apparatus decrypts the content 
key data and the usage control policy data stored in the 
provided key files and determines the handling of the 
25 content data stored in the distributed contentfiles based 
on the related decrypted usage control policy data. 
[0271] Also, a data providing method of a 67th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
30 tus, and a data processing apparatus, wherein the data 
providing apparatus provides a first module storing con- 
tent data encrypted by using content key data, the en- 
crypted content key data, and encrypted usage control 
policy data indicating the handling of the content data to 
35 the data distribution apparatus, performs charge 
processing in units of the content data based on log data 
received from the data processing apparatus, performs 
profit distribution processing for distributing the profit 
paid by interested parties of the data processing appa- 
40 ratus to interested parties of the related data providing 
apparatus and interested parties of the data distribution 
apparatus, the data distribution apparatus distributes a 
second module storing the encrypted content data, con- 
tent key data and usage control policy data stored in the 
45 provided first module to the data processing apparatus 
by using a predetermined communication protocol but 
in a format not depending upon the related communica- 
tion protocol or by recording the same on a storage me- 
dium, and the data processing apparatus decrypts the 
50 content key data and the usage control policy data 
stored in the distributed module, determines the han- 
dling of the content data based on the related decrypted 
usage control policy data, produces the log data for the 
handling of the related content data and sends the re- 
55 lated log data to the data providing apparatus. 

[0272] Also, a data providing method of a 68th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
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tus, a data processing apparatus, and a nnanagement 
apparatus, wherein the data providing apparatus pro- 
vides content data, the data distribution apparatus dis- 
tributes the content file provided from the data providing 
apparatus or a content file in accordance with the con- s 
tent data provided by the data providing apparatus re- 
ceived from the management apparatus to the data 
processing apparatus, and the data processing appara- 
tus decrypts the usage control policy data stored in the 
key file received from the data distribution apparatus or io 
the management apparatus, detemnines the handling of 
the content data stored in the content file received from 
the data distribution apparatus or the management ap- 
paratus based on the related decrypted usage control 
policy data, and further distributes the content file and is 
key file received from the data distribution apparatus or 
the management apparatus to the other data processing 
apparatus. 

[0273] Also, a data providing system of a 71st aspect 
of the present invention is a data providing system for 20 
distributing content data from a data providing appara- 
tus to a data processing apparatus, wherein the data 
providing apparatus distributes a module storing con- 
tent data encrypted by using content key data, the en- 
crypted content key data, and encrypted usage control 25 
policy data indicating the handling of the content data in 
a fomnat not depending upon at least one among exist- 
ence of a compression of the content data, a compres- 
sion method, a method of the encryption, and parame- 
ters of a signal giving the content data to the data 30 
processing apparatus by using a predetemnined com- 
munication protocol but in a format not depending upon 
the related communication protocol or by recording the 
same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 35 
control policy data stored in the distributed module and 
detennines the handling of the content data based on 
the related decrypted usage control policy data. 
[0274] Also, a data providing system of a 72nd aspect 
of the present invention is a data providing system hav- 40 
ing a data providing apparatus, a data distribution ap- 
paratus, and a data processing apparatus, wherein the 
data providing apparatus distributes a first module stor- 
ing content data encrypted by using content key data, 
the encrypted content key data, and encrypted usage 45 
control policy data indicating the handling of the content 
data in a format not depending upon at least one among 
existence of compression of the content data, a com- 
pression method, a method of the encryption, and pa- 
rameters of a signal giving the content data to the data so 
distribution apparatus, the data distribution apparatus 
distributes a second module storing the encrypted con- 
tent data, content key data, and the usage control policy 
data stored in the provided first module to the data 
processing apparatus by using a predetemnined com- 55 
munication protocol but in a format not depending upon 
the related communication protocol or by recording the 
same on a storage medium, and the data processing 



apparatus decrypts the content key data and the usage 
control policy data stored in the distributed second mod- 
ule and detenmines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[0275] Also, a data providing system of a 73rd aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, and a data processing apparatus, wherein the 
data providing apparatus distributes a first module stor- 
ing content data encrypted by using content key data, 
the encrypted content key data, and encrypted usage 
control policy data indicating the handling of the content 
data to the data distribution apparatus, the data distri- 
bution apparatus encrypts a plurality of second modules 
storing the encrypted content data, content key data, 
and the usage control policy data stored in the provided 
first module by using a common key obtained by mutual 
certification with the data processing apparatus, and 
then distributes the same to the data processing appa- 
ratus by using a predetermined communication protocol 
but in a fomnat not depending upon the related commu- 
nication protocol, and the data processing apparatus 
has a first processing circuit for decrypting the distribut- 
ed plurality of second modules by using the common 
key, selecting a single or a plurality of second modules 
from among the related decrypted plurality of second 
modules, and performing charge processing with re- 
spect to a distribution service of the second modules 
and a tamper resistant second processing circuit receiv- 
ing the selected the second modules, decrypting the 
content key data and the usage control policy data 
stored in the related second modules, and detemnining 
the handling of the content data based on the related 
decrypted usage control policy data. 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0276] 

Fig. 1 is a view of the overall configuration of an 
EMD system of a first embodiment of the present 
invention. 

Fig. 2 is a view for explaining a concept of a secure 
container of the present invention, 
Fig. 3 is afunctional block diagram of a content pro- 
vider shown in Fig. 1 and a view of a flow of data 
related to data transmitted and received with a SAM 
of a user home network. 

Fig. 4 is a functional block diagram of the content 
provider shown in Fig. 1 and a view of the flow of 
data related to the data transmitted and received 
between the content provider and an EMD service 
center, 

Figs. 5A to 5C are views for explaining a fonnat of 
the s^ure container transmitted from the content 
provider shown in Fig. 1 to the SAM, 
Fig. 6 is a view for explaining data contained in a 
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content file shown in Fig. 5 in detail, 

Fig. 7 is a view for explaining data contained in a 

key file shown in Fig. 6 in detail, 

Fig. 8 is a view for explaining a header data stored 

in the content file, 5 

Fig. 9 is a view for explaining a content ID, 

Fig. 1 0 is a view for explaining a directory structure 

of the secure container. 

Fig. 11 is a view for explaining a hyper link structure 
of the secure container, io 
Fig. 12 is a view for explaining a first example of 
ROM type storage medium used in the present em- 
bodiment, 

Fig. 13 is a view for explaining a second example 

of the ROM type storage medium used in the ^5 

present embodiment, 

Fig. 14 is a view for explaining a third example of 
the ROM type storage medium used in the present 
embodiment, 

Fig. 15 is a view for explaining a first example of 
RAM type storage medium used in the present em- 
bodiment. 

Fig. 16 is a view for explaining a second example 
of the RAM type storage medium used in the 
present embodiment, 

Fig. 17 is a view for explaining a third example of 
the RAM type storage medium used in the present 
embodiment, 

Fig. 18 is a view for explaining a registration request 
use module transmitted from the content provider 30 
to the EMD service center, 

Fig. 1 9 is a flowchart showing a routine of process- 
ing for registration from the content provider to the 
EMD service center, 

Fig. 20 is a flowchart showing a routine of process- -35 
ing for preparation of an explanation in the content 
provider, 

Fig. 21 is a flowchart showing a routine of process- 
ing for preparation of an explanation in the content 
provider, 40 
Fig. 22 is a flowchart showing a routine of process- 
ing for preparation of an explanation in the content 
provider. 

Fig. 23 is a functional block diagram of the EMD 
service center shown In Fig. 1 and a view of the flow 45 
of the data related to the data transmitted and re- 
ceived with the content provider. 
Fig. 24 is a functional block diagram of the EMD 
service center shown in Fig. 1 and a view of the flow 
of the data related to the data transmitted and re- 50 
ceived between the SAM and a settlement manager 
shown in Fig. 1 , 

Fig. 25 is a view of the configuration of network ap- 
paratuses in the user home network shown in Fig. 1 , 
Fig. 26 is a functional block diagram of a SAM in the 55 
user home network shown in Fig. 1 and a view of 
the flow of the data until the secure container re- 
ceived from the content provider is decrypted, 



Fig. 27 is a view for explaining data stored in an ex- 
ternal memory shown in Fig. 25, 
Fig. 28 is a view for explaining data stored in a stack 
memory, 

Fig. 29 is another view of the configuration of the 
network apparatus in the user home network shown 
in Fig. 1 , 

Fig. 30 is a view for explaining data stored in a stor- 
age unit shown in Fig. 26, 

Fig. 31 is a functional block diagram of the SAM in 
the user home network shown in Fig. 1 and a view 
of the flow of the data related to processing for using 
and/or purchasing the content data, 
Fig. 32 is a viewfor explaining the flow of processing 
in a transferring side SAM in a case where the con- 
tent file which is downloaded on a download mem- 
ory of the network apparatus shown in Fig. 25 and 
with a purchase form already determined therefor 
is transferred to the SAM of an AV apparatus. 
Fig. 33 is a view of the flow of the data in the trans- 
ferring side SAM in the case shown in Fig. 32^ 
Figs. 34Ato 34D are views for explaining the format 
of the secure container for which the purchase form 
is detennined, 

Fig. 35 is a view of the flow of the data when writing 
the input content file etc. in a RAM type or ROM type 
storage medium in the transferring side SAM in the 
case shown in Fig. 32, 

Fig. 36 is a viewfor explaining the flow of processing 
when determining the purchase form in an AV ap- 
paratus in a case where the user home network is 
receives the ROM type storage medium shown in 
Fig. 7 for which the purchase fomn of the content 
has not been determined off-line, 
Fig. 37 is a view of the flow of the data in the SAM 
in the case shown in Fig. 36, 
Fig. 38 is a viewfor explaining the flow of processing 
when reading the secure container from the ROM 
type storage medium with the purchase form not yet 
determined in the AV apparatus in the user home 
network, transferring this to another AV apparatus, 
and writing the same in a RAM type storage medi- 
um, 

Fig. 39 is a view of the flow of the data in the trans- 
ferring side SAM in the case shown in Fig. 38. 
Figs. 40A to 40C are views for explaining the fonnat 
of the secure container transferred from the trans- 
ferring side SAM to a transferred side SAM in Fig. 
38, 

Fig. 41 is a view of the flow of data in the transferred 
side SAM in the case shown in Fig. 38, 
Figs. 42A to 42F are views for explaining the format 
of the data transmitted and received among the 
content provider shown in Fig. 1 , EMD service cent- 
er, and SAM by an In-band method, and an out-of- 
band method, 

Figs. 43G to 43J are views for explaining the format 
of the data transmitted and received among the 
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content provider shown in Fig. 1, EM D service cent- 
er, and SAM by the in-band method and the out-of- 
band method, 

Fig. 44 is a view forexplaining an example of a con- 
nection configuration of apparatuses to buses in the 5 
user home network, 

Fig. 45 is a view for explaining the data format of a 
SAM registration list produced by a SAM, 
Fig. 46 is a view for explaining the data fomnat of 
the SAM registration list produced by the EMD serv- fo 
ice center, 

Fig. 47 is a flowchart of the overall operation of the 
content provider shown in Fig. 1 , 
Fig. 48 is a view for explaining an example of a de- 
livery protocol of the secure container used in the 15 
EMD system of a first embodiment, 
Fig. 49 is a view for explaining a second modifica- 
tion of the first embodiment of the present invention, 
Fig. 50 is a view for explaining a third modification 
of the first embodiment of the present invention, 
Fig. 51 is a view for explaining a case where a first 
procedure is employed in a fourth modification of 
the first embodiment of the present invention, 
Fig. 52 is a view for explaining a case where a sec- 
ond procedure is employed in a fourth modification 25 
of the first embodiment of the present invention, 
Fig. 53 is a view for explaining a fifth modification 
of the first embodiment of the present invention, 
Fig. 54 is a view for explaining a first pattern of a 
sixth modification of the first embodiment of the 30 
present invention, 

Fig. 55 is a view for explaining a second pattern of 
a sixth modification of the first embodiment of the 
present invention, 

Fig. 56 is a view for explaining a third pattern of a 35 
sixth modification of the first embodiment of the 
present invention, 

Fig. 57 is a view for explaining a fourth pattern of a 
sixth modification of the first embodiment of the 
present invention, 40 
Fig. 58 is a view for explaining a fifth pattem of a 
sixth modification of the first embodiment of the 
present invention, 

Fig. 59 is an overall view of the configuration of the 
EMD system of a second embodiment of the ^5 
present invention, 

Fig. 60 is a functional block diagram of the content 
provider shown in Fig. 59 and a view of the flow of 
the data related to the secure container transmitted 
to a service provider, so 
Fig. 61 is a flowchart showing a routine of process- 
ing for delivery of the secure container perfonned 
in the content provider, 

Fig. 62 is a flowchart showing a routine of the 
processing for delivery of the secure container per- 55 
formed in the content provider. 
Fig. 63 is a functional block diagram of the service 
provider shown in Fig. 59 and a view of the flow of 



the data transmitted and received with the user 
home network, 

Fig. 64 is a flowchart showing a routine of the 
processing for preparation of the secure container 
performed in the service provider, 
Figs. 65Ato 65D are views for explaining the fonmat 
of the secure container transmitted from the service 
provider shown in Fig. 59 to the user home network, 
Fig. 66 is a view for explaining atransmission fomnat 
of the content file stored in the secure container 
shown in Fig. 65, 

Fig. 67 is a view for explaining the transmission for- 
mat of the key file stored in the secure container 
shown in Fig. 65, 

Fig. 68 is a functional block diagram of the service 
provider shown in Fig. 59 and a view of the flow of 
the data transmitted and received with the EMD 
service center, 

Fig. 69 is a view for explaining the format of a price 
tag registration request use module transmitted 
from the service providerto the EMD service center, 
Fig. 70 is a functional block diagram of the EMD 
service center shown in Fig. 59 and a view of the 
flow of the data related to the data transmitted and 
received with the service provider, 
Fig. 71 is a functional block diagram of the EMD 
service center shown in Fig. 59 and a view of the 
flow of the data related to the data transmitted and 
received with the content provider, 
Fig. 72 is a functional block diagram of the EMD 
service center shown in Fig. 59 and a view of the 
flow of the data related to the data transmitted and 
received with the SAM, 

Fig. 73 is a view for explaining contents of usage 
log data, 

Fig. 74 is a view of the configuration of the network 
apparatus shown in Fig. 59. 
Fig. 75 is afunctional block diagram of a CA module 
shown in Fig. 74, 

Fig. 76 is a functional block diagram of the SAM 
shown in Fig. 74 and a view of the flow of the data 
from the input of the secure containerto decryption, 
Fig. 77 is a view for explaining the data stored in the 
storage unit shown in Fig. 76, 
Fig. 78 is a functional block diagram of the SAM 
shown in Fig. 74 and a view of the flow of the data 
in a case where a purchase and/or usage form of 
the content etc. are determined, 
Fig. 79 is a flowchart showing a routine of process- 
ing for detemnining the purchase form of the secure 
container in the SAM, 

Fig. 80 is a view for explaining the format of the key 
file after the purchase form is determined, 
Figs. 81 A to 81 E are views for explaining the flow 
of the processing in the transferred side SAM in a 
case where the content file downloaded on the 
download memory of the network apparatus shown 
in Fig. 74 and with the purchase form already de- 
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termined therefor is transferred to the SAM of the 
AV apparatus, 

Fig. 82 is a view of the flow of the data in the trans- 
ferring side SAM in the case shown in Fig. 81 , 
Fig. 83 is a view of the flow of the data in the trans- 5 
ferred side SAM in the case shown in Fig. 81 , 
Fig. 84 is a flowchart of the overall operation of the 
EMD systenn shown in Fig. 59, 
Fig. 85 is a flowchart of the overall operation of the 
EMD systenn shown in Fig. 59, io 
Fig. 86 is a view for explaining ah exannple of the 
delivery format of the secure container from the 
service provider to the user home network in the 
EMD system of the second embodiment, 
Fig. 87 is a view for explaining an example of the t5 
delivery protocol of the secure container employed 
by the EMD system of the second embodiment, 
Fig. 88 Is a view for explaining the delivery protocol 
used when delivering the secure container etc. from 
the user home network to a service provider 31 0 in 
Fig. 87, 

Fig. 89 is a view for explaining the delivery protocol 
used when delivering the key file etc. from the con- 
tent provider to the EMD service center in Fig. 87, 
Fig. 90 is a view for explaining the delivery protocol 25 
used when delivering a price tag data 31 2 etc. from 
the service provider to the EMD service center in 
Fig. 87, 

Fig. 9 1 is a view for explaining the delivery protocol 
used when delivering the secure container etc. in 30 
the user home network in Fig. 87, 
Fig. 92 is a view for explaining an implement format 
of the secure container to a protocol layer in a case 
where XMiySMIL/BML is utilized for a data broad- 
cast method of a digital broadcast, 35 
Fig. 93 is a view for explaining the implement format 
of the secure container to the protocol layer in a 
case where MHEG is utilized for the data broadcast 
method of the digital broadcast. 
Fig. 94isaviewforexplainingtheimplementformat 
of the secure container to the protocol layer in a 
case where XM USM I L is util ized for the data broad- 
cast method of an interface. 
Fig. 95 is a view for explaining the delivery protocol 
used when delivering the usage log data etc. from ^5 
the user home network to the EMD service center, 
Fig. 96 Is a view for explaining the delivery protocol 
used when delivering the secure container etc. in 
the user home network, 

Fig. 97 is a view of the configuration of the EMD 50 
system using two service providers according to a 
first modification of the second embodiment of the 
present invention, 

Fig. 98 is a view of the configuration of the EMD 
system using a plurality of content providers ac- 55 
cording to a second modification of the second em- 
bodiment of the present invention, 
Fig. 99 is a view of the configuration of the EMD 
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system according to a third modification of the sec- 
ond embodiment of the present invention, 
Fig. 100 is a view of the configuration of the EMD 
system according to a fourth modification of the sec- 
ond embodiment of the present invention, 
Fig. 101 is a view for explaining a form of a route 
for acquiring certificate data, 
Fig. 1 02 is a view for explaining processing In a case 
where the certificate data of the content provider is 
invalidated. 

Fig. 103 is aviewfor explaining processing in a case 
where the certificate data of the service provider is 
invalidated, 

Fig. 104 is aviewfor explaining processing in a case 
where the certificate data of the SAM is invalidated. 
Fig. 105 is a view for explaining another processing 
in the case where the certificate data of the SAM Is 
invalidated, 

Fig. 1 06 is a view for explaining a case where a right 
management use clearinghouse and an electronic 
settlement use clearinghouse are provided in the 
EMD system shown in Fig. 47 in place of the EMD 
service center. 

Fig. 107 is a view of the configuration of the EMD 
system in a case where the right management use 
clearinghouse and the electronic settlement use 
clearinghouse shown in Fig. 106 are provided in a 
single EMD service center, 

Fig. 108 is a view of the configuration of the EMD 
system in a case where the service provider directly 
performs settlement at the electronic settlement 
use clearinghouse, 

Fig. 109 is a view of the configuration of the EMD 
system in a case where the content provider directly 
performs settlement at the electronic settlement 
use clearinghouse. 

Fig. 110 is a view of the configuration of the EMD 
system in a case where the content provider is fur- 
ther provided with functions of both of the right man- 
agement use clearinghouse and the electronic set- 
tlement use clearinghouse, 

Fig. 111 is a view for explaining the fomnat of the 
secure container p rovided from the content provider 
to the service provider shown in Fig. 47 in an eighth 
modification of the second embodiment of the 
present invention, 

Fig. 112 is a view for explaining a link relationship 
by directory structure data between the content file 
and the key file shown in Fig. 111, 
Fig. 113 is aviewfor explaining another example of 
the directory structure between the content file and 
the key file. 

Fig. 114 is a view for explaining the format of the 
secure container provided from the service provider 
to the SAM shown in Fig. 47 in the eighth modifica- 
tion of the second embodiment of the present inven- 
tion, 

Fig. 115 is a view for explaining a first concept of 
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the data format of a composite type secure contain- 
er, 

Fig. 116 is a view for explaining a second concept 
of the data format of the composite type secure con- 
tainer, 5 
Fig. 1 1 7 is a view for explaining a case where a first 
procedure is employed in the EMD system accord- 
ing to the eighth modification of the second embod- 
iment of the present invention, 

Fig. 118 is a view for explaining a case where a sec- io 
ond procedure is employed in the EMD system ac- 
cording to the eighth modification of the second em- 
bodiment of the present invention, 
Fig. 119 is a view for explaining a data format in a 
case where the file format is not employed in the '5 
EMD system according to the eighth modification of 
the second embodiment of the present Invention, 
Fig. 120 is a view of the configuration of the EMD 
system according to a 1 0th modification of the sec- 
ond embodiment of the present invention, 20 
Fig. 121 is a view of the configuration of the EMD 
system according to a first pattern of an 11th mod- 
ification of the second embodiment of the present 
invention, 

Fig. 122 is a view of the configuration of the EMD 25 
system according to a second pattern of the 11th 
modification of the second embodiment of the 
present invention, 

Fig. 123 is a view of the configuration of the EMD 
system according to a third pattern of the 1 1 th mod- 30 
ification of the second embodiment of the present 
invention, 

Fig. 124 is a view of the configuration of the EMD 
system according to a fourth pattern of the 11th 
modification of the second embodiment of the 35 
present invention, 

Fig. 125 is a view of the configuration of the EMD 
system according to a fifth pattern of the 1 1 th mod- 
ification of the second embodiment of the present 
invention, 40 
Fig. 126 is a view of the configuration of the EMD 
system according to a ninth modification of the sec- 
ond embodiment of the present invention, 
Fig. 1 27 is a view for explaining a file inclusion size 
relationship of the secure container in the second ^5 
embodiment of the present invention, 
Fig. 1 28 is a view for explaining the EMD system of 
a third embodiment of the present invention, 
Fig. 129 is afunctional block diagram of the EMD 
service center shown in Fig. 128, 50 
Fig. 130 is a view for explaining a modification of 
the EMD system of the third embodiment of the 
present invention, 

Fig. 131 Is a view for explaining the EMD system of 
a fourth embodiment of the present invention, 55 
Fig. 132 is a view for explaining a modification of 
the EMD system of the fourth embodiment of the 
present invention. 



Fig. 1 33 is a view for explaining the EMD system of 
a fifth embodiment of the present invention, 
Fig. 134 is a view for explaining a modification of 
the EMD system of the fifth embodiment of the 
present invention. 

Fig. 135 is a view for explaining another modifica- 
tion of the EMD system of the fifth embodiment of 
the present invention, 

Fig. 1 36 is a view for explaining the EMD system of 
a sixth embodiment of the present invention, 
Fig. 137 is a view for explaining a modification of 
the EMD system of the sixth embodiment of the 
present invention. 

Fig. 138 is a view for explaining another modifica- 
tion of the EMD system of the sixth embodiment of 
the present invention, 

Fig. 1 39 is a view for explaining the EMD system of 
a seventh embodiment of the present invention, 
Fig. 140 is a view for explaining a modification of 
the EMD system of the seventh embodiment of the 
present invention. 

Fig. 141 is a view for explaining another modifica- 
tion of the EMD system of the seventh embodiment 
of the present inventionj 

Fig. 1 42 is a view for explaining the EMD system of 
an eighth embodiment of the present invention, 
Fig. 143 is a view for explaining the EMD system of 
a ninth embodiment of the present invention, 
Fig. 144 is a view for explaining the format of the 
key file in a case where the key file is produced in 
the content provider, and 

Fig. 145 is a view of the configuration of a conven- 
tional EMD system. 

BEST MODE FOR WORKING THE INVENTION 

[0277] Below, an explanation will be given of an EMD 
(electronic music distribution) system according to the 
present embodiment. 

First embodiment 

[0278] Figure 1 is a view of the configuration of an 
EMD system 1 00 of the present embodiment. 
[0279] In the present embodiment, the content data 
distributed to the user nrieans digital, data with the infor- 
mation per se having value and includes image data, 
audio data, programs (software), etc., but an explana- 
tion will be given below by taking as an example music 
data. 

[0280] As shown in Fig. 1 , the EMD system 1 00 has 
a content provider 101, an EMD service center (clear- 
inghouse, hereinafter, also described as an "ESC") 1 02, 
and a user home network 103. 

[0281] Here, the content provider 101, EMD service 
center 102. and SAMs 105^ to IO54 correspond to the 
data providing apparatus, management device, and the 
data processing apparatuses according to claim 1 , claim 
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6, claim 104, and claim 109. 
[0282] First, a brief explanation will be given of the 
EMD system 100. 

[0283] In the EMD system 100, the content provider 
101 sends the content key data Kc used when encrypt- 5 
ing the content data C of the content to be provided by 
itself, usage control policy (UCP, certificate of title) data 
106 indicating the content of rights such as usage per- 
mission conditions of the content data C, and electronic 
watermark information management data indicating the 
content and buried location of the electronic watermark 
infomnation to the EMD service center 102 serving as 
the reputable authority manager. 
[0284] The EMD service center 102 registers (certi- 
fies or authorizes) the content key data Kc, usage con- 
trol policy data 106, and the electronic watermark infor- 
mation key data received from the content provider 101, 
[0285] Also, the EMD service center 102 produces a 
key file KF with the content key data Kc encrypted by 
the distribution use key data KD^ to KDg of a corre- 
sponding period, the usage control policy data 1 06, and 
its own signature data stored therein and sends this to 
the content provider 1 01 . 

[0286] Here, the signature data is used for verifying 
existence of tampering with the key file KF, the legitima- 
cy of the author of the key file KF, and the fact that the 
key file KF was normally registered in the EMD service 
center 102. 

[0287] Also, the content provider 101 encrypts the 
content data C by the content key data Kc and distrib- 
utes a secure container (module of the present inven- 
tion) 104 storing the related produced content file CF, 
key file KF received from the EMD service center 102, 
its own signature data, etc. therein to the user home net- 
work 103 by using a network such as the Internet, digital 
broadcast, or package media such as storage media. 
[0288] Here, the signature data stored in the secure 
container 1 04 is used for verifying the existence of tam- 
pering with the corresponding data and the legitimacy 
of the author and transmitter of the related data. 
[0289] The user home network 103 has for example 
a network apparatus 1 60^ and AV apparatuses I6O2 to 
I6O4. 

[0290] The network apparatus 160^ Includes a built- 
in SAM (secure application module) 105^. 
[0291 ] The AV apparatuses 1 eOg to 1 6O4 Include built- 
in SAMs 1 05-1 to 1064. The SAMs 1 05^ to 1 064 are con- 
nected to each other via a bus 191 for example an I EEE 
(Institute of Electrical and Electronics Engineers) 1394 
serial interface bus. 

[0292] The SAMs 105-| to 1064 decrypt the secure 
container 104 received by the network apparatus 160^ 
via the network or the like from the content provider 1 01 
on-line and/or the secure container 104 received at the 
AV apparatuses I6O2 to 1 804from the content provider 
101 via storage media off-line by using the distribution 
use key data KD^ to KD3 of the corresponding period, 
then perform the verification of the signature data. 
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[0293] The secure container 104 supplied to the 
SAMs 105^ to 1064 becomes the object of the reproduc- 
tion, recording to a storage medium etc. after the pur- 
chase and/or usage form is detemnined by an operation 
of the users in the network apparatus 1 60., and the AV 
apparatuses 1 6O2 to 1 6O4. 

[0294] The SAMs 1 05i to 1 064 record the log of the 
purchase and/or usage form of the secure container 1 04 
as usage log data 108 and, at the same time, produce 
usage control status data 166 indicating the purchase 
form. 

[0295] The usage log data 1 08 is transmitted from the 
user home network 1 03 to the EMD service center 1 02 
in response to for example a request from the EMD serv- 
ice center 102. 

[0296] The usage control status data 1 66 is transmit- 
ted from the user home network 1 03 to the EMD service 
center 1 02 whenever for example the purchase form is 
detennined. 

[0297] The EMD service center 102 determines (cal- 
culates) a charge content based on the usage log data 
108 and perfomns settlement at a settlement manager 
91 such as a bank via a payment gateway 90. By this, 
the money paid to the settlement manager 91 by the us- 
er of the user home network 103 is paid to the content 
provider 1 01 by the settlement processing by the EMD 
service center 102. 

[0298] Also, the EMD service center 102 transmits the 
settlement report data 107 to the content provider 101 
at every predetemnined period. 

[0299] In the present embodiment, the EMD service 
center 1 02 has a certificate authority function, a key data 
management function, and a right clearing (profit distri- 
bution) function. 

[0300] Namely, the EMD service center 1 02 functions 
as a second certificate authority with respect to a route 
certificate authority 92 as the highest authority manager 
located at a neutral position (located in the lower layer 
of the route certificate authority 92) and certifies the le- 
gitimacy of the related public key data by attaching a 
signature by secret key data of the EMD service center 
102 to the certificate data of the public key data used 
for the verification processing of the signature data in 
the content provider 1 01 and SAMs 1 05^ to 1 064. Also, 
as mentioned above, the registration and authorization 
of the usage control policy data 1 06 of the content pro- 
vider 101 by the EMD service center 102 is one of the 
certificate authority functions of the EMD service center 
102. 

[0301] Also, the EMD service center 102 has a key 
data management function for managing the key data, 
for example, the distribution use key data KD-, to KDg. 
[0302] Also, the EMD service center 1 02 has a right 
clearing (profit distribution) function of performing set- 
tlement for a purchase and/or usage of the content by 
the user based on the suggested retailer' price SRP de- 
scribed in the authorized usage control policy data 106 
and the usage log data 108 input from the SAMs 105-, 



EP 1 132 828 A1 



15 



20 



25 



30 



35 



40 



45 



50 



41 



113?fl?flA1 I > 



81 

to 1064 and distributing nnoney paid by the user to the 
content provider 101. 

[0303] Figure 2 is a view sumnnarizing the concept of 
the secure container 104. 

[0304] As shown in Fig. 2, in the secure container 1 04, 5 
the content file CF produced by the content provider 1 01 
and the key file KF produced by the EMD service center 
102 are stored. 

[0305] In the content file CF, header data containing 
the header portion and the content ID, the encrypted 
content data C using the content key data Kc, and the 
signature data using a secret key data K^ps of the con- 
tent provider 101 for them are stored. 
[0306] in the key file KF the header data containing 
the header portion and the content ID, the content key 
data Kc, and the usage control policy data 1 06 encrypt- 
ed by the distribution use key data KD^ to KDg and the 
signature data by secret key data K^sc.s of the EMD 
service center 1 02 for them are stored. 
[0307] Below, a detailed explanation will be given of 
the components of the content provider 1 01 . 

[Content Provider 101] 

[0308] Figure 3 is a functional block diagram of the 
content provider 1 01 and shows the flow of the data re- 
lated to the data transmitted and received with the SAMs 
1 05^ to 1 064 of the user home network 1 03. 
[0309] Also, in Fig. 4, the flow of the data related to 
the data transmitted and received between the content 
provider 1 01 and the EMD service center 1 02 is shown. 
[031 0] Note that, in Fig. 4 and the following drawings, 
the flow of the data input and output to and from the 
signature data processing unit and the encryption and/ 
or decryption unit using session key data Kg^g is omit- 
ted. 

[0311] As shown in Fig. 3 and Fig. 4, the content pro- 
vider 101 has a content master source database 111, 
an electronic watermark infonnation addition unit 112, a 
compression unit 113, an encryption unit 114, a random 
number generation unit 115, an expansion unit 116, a 
signature processing unit 117, a secure container prep- 
aration unit 118, a secure container database 118a, a 
key file database 118b, a storage unit (database) 119, 
a mutual certification unit 120, an encryption and/or de- 
cryption unit 121, a usage control policy data prepara- 
tion unit 122, an audial check unit 123, a SAM manage- 
ment unit 1 24, an EMD service center management unit 
125, and a content ID generation unit 850. 
[0312] The content provider 101 registers for example 
its own generated public key data, ID, and its own bank 
account number (account number for settlement) in the 
EMD service center 102 off-line before communicating 
with the EMD service center 102 and acquires its own 
identifier (identification number) CP_ID. Also, the con- 
tent provider 101 receives the public key data of the 
EMD service center 102 and the public key data of the 
route certificate authority 92 from the EMD service cent- 
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er 102. 

[0313] Below, an explanation will be given of the func- 
tional blocks of the content provider 101 shown in Fig. 
3 and Fig. 4. 

[0314] The content master source database 111 
stores the content data as the master source of the con- 
tent to be provided to the user home network 103 and 
outputs content data S1 11 to be provided to the elec- 
tronic watermark infonnation addition unit 112. 
[0315] The electronic watemnark information addition 
unit 112 buries a source watermark Ws, a copy control 
watermark Wc, a user watenmark Wu, a link watermark 
WL, etc. in the content data S1 11 to produce content 
data S 1 1 2 and outputs the content data S1 1 2 to the com- 
pression unit 113. 

[0316] The source watermark Ws is information con- 
cerning the copyright such as the name of the copyright 
owner of the content data, the ISRC code, authoring 
date, authoring apparatus ID (identification data), and 
destination of distribution of the content. 
[031 7^ The copy control watermark Wc is information 
containing a copy prohibition bit for prevention of copy- 
ing via an analog interface. 

[0318] The user watemnark Wu contains, for example, 
the identifier CP_f D of the content provider 1 01 for spec- 
ifying the origin of distribution and the destination of dis- 
tribution of the secure container 104 and identifiers 
SAM_ID., to SAM_ID4 of the SAMs 1 05^ to 1 064 of the 
user home network 103. 

[0319] The link watemnark WL contains for example 
the content ID of the content data C. 
[0320] By burying the link watermark WL in the con- 
tent data C, even in a case where the content data C is 
distributed by an analog broadcast for example a tele- 
vision or AM/FM radio, the EMD service center 102 can 
introduce a content provider 101 handling the related 
content data C to the user in response to a request from 
the user Namely, by detecting the link watermark WL 
buried in the content data C utilizing an electronic wa- 
termark infonnation decoder at the receiving location of 
the related content data C and transmitting the content 
ID contained in the related detected link watermark WL 
to the EMD service center 1 02, the EMD service center 
102 can introduce the content provider 101 etc. handling 
the related content data C to the related user 
[0321] Concretely, for example, if the user pushes a 
predetermined button at a point of time when he thinks 
that the music being broadcast is good while listening 
to the radio in a car, the electronic watermark informa- 
tion decoder built-in the related radio detects the content 
ID contained in the link watermark WL buried in the re- 
lated content data C, a communication address, etc. of 
the EMD service center 1 02 registering the related con- 
tent data C etc.. and stores the related detected data in 
a media SAM carried in for example a memory stick or 
other semiconductor memory or an MD (Mini Disc) or 
other optical disc or other portable medium. Then, he 
sets the related movable media in the network appara- 
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tus carrying a SAM connected to the network. Then, af- 
ter mutual certification by the related SAM and the EMD 
service center 102, he transmits the personal infonna- 
tion carried in the media SAM and the stored content ID 
etc. from the network apparatus to the EMD sen/ice 
center 1 02. Thereafter, the network apparatus receives 
an introduction list etc. of the content provider 101 etc. 
handling the related content data C from the EMD serv- 
ice center 102. 

[0322] In addition, for example, when the EMD serv- 
ice center 1 02 receives the content ID etc. from the user, 
the infonnation specifying the related user may be noti- 
fied to the content provider 101 providing the content 
data C corresponding to the related content ID. In this 
case, the content provider 101 receiving the related 
communication transmits the related content data C to 
the network apparatus of the user it the related user is 
a contracting subscriber or may transmit promotional in- 
formation concerning itself to the network apparatus of 
the user if the related user is not a contracting subscrib- 
er. 

[0323] Note that, in the second embodiment men- 
tioned later, an EMD service center 302 can introduce 
a service provider 310 handling the related content data 
C to the user based on the link watermark WL. 
[0324] Also, in the present embodiment, preferably, 
the content and buried location of each electronic wa- 
termark information are defined as a watermark module 
WM, and the watermark module WM is registered and 
managed in the EMD service center 102. The water- 
mark module WM is used when for example the network 
apparatus 1 SO^ and the AV apparatuses 1 6O2 to 1 6O4 in 
the user home network 103 verify the legitimacy of the 
electronic watennark information. 
[0325] For example, in the user home network 103, 
by deciding that the electronic watermark infonnation is 
legitimate where both of the buried location of the elec- 
tronic watennark information and the content of the bur- 
ied electronic watermark information match based on 
the user watermark module managed by the EMD serv- 
ice center 1 02, the burial of a false electronic watermark 
infonnation can be detected with a high probability. 
[0326] The compression unit 113 compresses the 
content data 81 1 2 by an acoustic compression method, 
for example ATRAC3 (Adaptive Transform Acoustic 
Coding 3) (trademark), and outputs compressed con- 
tent data S1 1 3 to the encryption unit 1 1 4. 
[0327] In this case, at the time of compression by the 
compression unit 113, it is also possible to bury the elec- 
tronic watennark information in the content data again. 
Concretely, as shown in Fig. 3, when the content data 
113 is expanded at the expansion unit 116 to produce 
content data S1 16 and the content data S11 6 Is repro- 
duced at the audial check unit 1 23, the influence exerted 
upon the quality of sound by the burial of the electronic 
watermark infonnation is decided by for example a per- 
son actually listening to it. Where it does not satisfy a 
predetermined standard, the electronic watermark infor- 
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mation addition unit 112 is instructed to perform the 
processing for burying the electronic watennark infor- 
mation again. 

[0328] By this, when employing an acoustic compres- 
5 sion method accompanied by for example loss of data, 
it is possible to adequately cope with the case where the 
buried electronic watennark information is lost due to 
the related compression. Further, it is also possible to 
expand the compressed content data again and confirm 
10 whether or not the buried electronic watermark informa- 
tion can be correctly detected. In this case, the feeling 
of the sound quality is also verified. Where there is a 
problem In the sound, the burial of the electronic water- 
mark infonnation is adjusted. For example, where the 
15 electronic watermark information is buried by using a 
masking effect, the layer tor burying the electronic wa- 
termark infonnation is adjusted. 

[0329] The encryption unit 114 uses the content key 
data Kc as the common key, encrypts the content data 
20 S1 1 3 by a common key encryption method such as DBS 
(Data Encryption Standard) or Triple DESto produce the 
content data C, and outputs this to the secure container 
preparation unit 118. 

[0330] Also, the encryption unit 114 encrypts an AA/ 

25 expansion use software Soft, a meta data Meta, and the 
watennark module WM by using the content key data 
Kc as the common key and then outputs them to the 
secure container preparation unit 117. 
[0331] DES is the encryption method for processing 

30 64 bits of plain text as one block by using a common key 
of 56 bits. The processing of DES is comprised of a por- 
tion for scrambling the plain text to convert the same to 
encrypted text (data scrambling portion) and a portion 
for creating the key (magnification key) data used in the 

35 data scrambling portion from the common key data (key 
processing portion). All algorithms of the DES are pub- 
lic, therefore, here, the basic processing of the data 
scrambling portion will be simply explained. 
[0332] First, 64 bits of the plain text are divided to Hq 

40 of the upper significant 32 bits and Lq of lower significant 
32 bits. By receiving as input the magnification key data 
of 48 bits supplied from the key processing unit and 
the Lq of the lower significant 32 bits, the output of an F 
function scrambled Lq of the lower significant 32 bits is 

45 calculated. The F function is comprised of two types of 
basic transfonns of "substitution" of switching numerical 
values. by a predetermined rule and "transposition" of 
switching bit locations by a predetermined rule. Next, an 
exclusive OR of the Hq of the upper significant 32 bits 

50 and the output of the F function is calculated, and the 
result thereof is defined as L^. Also, Lq is made H^. 
[0333] Then, based on the Hq of the upper significant 
32 bits and the Lq of the lower significant 32 bits, the 
above processing is repeated 16 times. The obtained 

55 H-,6 of the upper significant 32 bits and L^© ^f the lower 
significant 32 bits are output as the encrypted text. The 
decryption is realized by inversely following the se- 
quence by using the common key data used for the en- 
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cryption. 

[0334] The random number generation unit 115 gen- 
erates a random number of a predetermined number of 
bits and stores the related random number as the con- 
tent key data Kc in the storage unit 119. 5 
[0335] Note that, it is also possible if the content key 
data Kc Is produced from the infomnation concerning a 
song provided by the content data. The content key data 
Kc is updated for example every predetermined time. 
[0336] Also, where a plurality of content providers 101 io 
exist, it is also possible to use inherent content key data 
Kcfrom individual content providers 1 01 or it is also pos- 
sible to use the content key data Kc common to all con- 
tent providers 101 . 

[0337] In the key file database 1 1 8b, as shown in Fig. 15 
4, the key file KF shown in Fig. 5B received from the 
EMD service center 102 via the EMD service center 
management unit 125 is stored. The key file KF exists 
for every content data C. As will be mentioned later, a 
link is designated with the corresponding contentfile CF 20 
by directory structure data DSD in the headerof the con- 
tent file CF. 

[0338]. In the key file KF, as shown in Fig. 5B and Fig. 
7, the header, content key data Kc, usage control policy 
data 106 (usage permission condition) 106, SAM pro- 25 
gram download containers SDC^ to SDC3, and signa- 
ture data SlGj^-, ESC stored. 

[0339] Here, as the signature data using the secret 
key data K^gc.s content provider 101, use can be 
also made of the signature data K^ for all data stored 30 
in the key file KF as shown in Fig. 5B. Alternatively, sig- 
nature data for the data from the header to the infonna- 
tion concerning the key file, signature data for the con- 
tent key data Kc and the usage control policy data 1 06, 
and signature data for the SAM program download con- 35 
tainer SDC can be separately provided too as shown in 
Fig. 7. 

[0340] The content key data Kc and usage control pol- 
icy data 1 06 and the SAM program download containers 
SDC^ to SDC3 are encrypted by using the distribution 40 
use key data KD^ to KDg of the corresponding periods. 
[0341] In the header data, as shown in Fig. 7, a syn- 
chronization signal, the content ID, the signature data 
by the secret key data K^sc.s of the content provider 
101 forthe content ID, the directory structure data, hyper 
link data, the infomnation concerning the key file KF, the 
signature data by the secret key data K^sc s 
tent provider 101 for the directory structure data, etc. 
are contained. 

[0342] Note that, as the information to be contained 
in the header data, various information can be consid- 
ered and freely varied according to the situation . For ex- 
ample, it is also possible if the information as shown in 
Fig. 8 is contained in the header data. 
[0343] Also, in the content ID, for example, the infor- 55 
mation as shown In Fig. 9 is contained. The content ID 
is produced in the EMD service center 1 02 orthe content 
provider 1 01 . Where it is produced in the EMD sen/ice 



center 102, the signature data by the secret key data 
Kesc.s of the EMD service center 102 is added as 
shown in Rg. 9, while where it is produced at the content 
provider 101 , the secret key data K^p.s of the content 
provider 1 01 is added. 

[0344] The content I D is produced by for example the 
content ID generation unit 850 as shown in Fig. 4 and 
stored in the storage unit 119. Note that, it is also pos- 
sible if the content ID is produced by the EMD service 
center 102. 

[0345] The directory structure data indicates corre- 
spondence among the content files CF in the secure 
container 1 04 and correspondence between the content 
files CF and the key files KF. 

[0346] For example, where the content files CF-| to 
CF3 and the key files KF^ to KF3 corresponding to them 
are stored in the secure container 1 04, as shown in Fig. 
1 0, the links among the content files CF^ to CF3 and the 
links between the content files CF-| to CF3 and the key 
files KF^ to KF3 are established by the directory struc- 
ture data. 

[0347] The hyperlink data indicates a hierarchy struc- 
ture among the key files KF and the correspondence be- 
tween the content files CF and the key files KF covering 
all files inside and outside the secure container 104. 
[0348] Concretely, as shown in Fig. 11, the address 
infonmation of the linked site for every content file CF 
and key file KF and the certificate value (hash value) 
thereof are stored in the secure container 1 04. The links 
are verified by comparing the hash value of one's own 
address information obtained by using the hash function 
H(x) and the certificate value of the other party. 
[0349] Also, in the usage control policy data 1 06, as 
shown in Fig. 7, the content ID, identifier CP JD of the 
content provider 101, an expiration date of the usage 
control policy data 106, the communication address of 
the EMD service center 1 02, usage space examination 
infomriation, wholesale price information, a handling 
plan, handling control infomnation, handling control in- 
formation of a commodity demo, the signature data for 
them, etc. are contained. 

[0350] Note that, as in the second embodiment men- 
tioned later, where a secure container 304 is transmitted 
via the service provider 310 to a user home network 303, 
in the usage control policy data 1 06, an identifier SP_1D 
of the service provider 31 0 for providing the secure con- 
tainer 1 04 by the content provider 301 is contained. 
[0351] Also, in the SAM program download contain- 
ers SDC^ to SDC3, as shown in Fig. 7, a download driver 
indicating the routine of the download used when down- 
loading a program in the SAMs 105^ to 1064, a label 
reader such as an UCP-L (Label) R (Reader) indicating 
a syntax (grammar) of the usage control policy data 
(UCP) U106, lock key data for locking/unlocking rewrit- 
ing and erasing of the storage units (flash-ROM) built in 
the SAMs 105., to IO54 in block units, and the signature 
data for them are contained. 

[0352] Note that, the storage unit 1 1 9 is provided with 
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various databases including for example a database for 
storing the certificate data. 

[0353] The signature processing unit 1 1 7 obtains the 
hash value of the data covered by the signature and pro- 
duces the signature data S IG thereof by using the secret 
key data K^pg of the content provider 101. 
[0354] Note that, the hash value is produced by using 
a hash function. A hash function is a function receiving 
as input the data covered, compressing the related input 
data to data having a predetermined bit length, and out- 
putting the same as the hash value. The hash function 
has as its characteristic feature that it is difficult to pre- 
dict the Input of the hash function from the hash value 
(output). When one bit input to the hash function varies, 
many bits of the hash value vary, so it is difficult to find 
the input data having an identical hash value. 
[0355] The secure container preparation unit 1 1 8 pro- 
duces the content file CF storing the header data, meta 
data Meta, the content data C, AJV expansion use soft- 
ware Soft, and the watermark module WM Input from 
the encryption unit114and encrypted by the content key 
data Kc therein as shown in Fig. 5A. 
[0356] It is also possible to contain the file reader and 
the signature data of the file reader in the secret key 
data Kqps as shown in Fig. 6. By doing this, in the SAMs 
1 05^ to 1 064, a plurality of secure containers 1 04 storing 
the content files CF of different formats received from a 
plurality of secure containers 104 of different streams 
can be efficiently processed. 

[0357] Here, the file reader is used when reading a 
content file CF and the key file KF corresponding to that 
and indicates the reading routine etc. of these files. 
[0358] Note, in the present embodiment, a case 
where the related file reader is transmitted in advance 
from the EMD service center 102 to the SAMs 105^ to 
1064 is exemplified. Namely, in the present embodi- 
ment, the content file CF of the secure container 104 
does not store the file reader. 

[0359] In the header data, as shown in Fig. 6, the syn- 
chronization signal, content ID, signature data by the se- 
cret key data K^ps of the content provider 101 for the 
content ID, directory information, hyperlink infomnation, 
serial number, expiration date and producer information 
of the content file CF, file size, existence of encryption, 
encryption algorithm, information concerning the signa- 
ture algorithm, signature data by the secret key data 
Kqp s of the content provider 1 01 concerning the direc- 
tory information, etc. are contained. 
[0360] In the meta data Meta, as shown in Fig. 6, ex- 
planatory text of the commodity (content data C), com- 
modity demo and PR information, infomnation related to 
the commodity, and the signature data from the content 
provider 101 for them are contained. 
[0361] In the present invention, as shown in Fig. 5 and 
Fig. 6, the case where the meta data Meta is stored in 
the content file CF and transmitted is exemplified, but it 
is also possible not to store the meta data Meta in the 
content file CF, but transmit the same from the content 



provider 101 to the SAM 105., etc. through a route dif- 
ferent from the route for transmitting the content file CF. 
[0362] The AA/ expansion use software Soft is the 
software used when expanding the content file CF in the 

5 network apparatus 160., and the AV apparatuses ISOg 
to 1 6O4 of the user home network 1 03 and is the expan- 
sion use software of for example the ATRAC3 method. 
[0363] In this way, by storing the AA/ expansion use 
software Soft in the secure container 104, the content 

10 data C can be expanded by using the AA/ expansion 
use software Soft stored in the secure container 104 in 
the SAMs 105., to 1064. Even if the compression and 
expansion method of the content data C is freely set by 
the content provider 1 01 for every content data C or eve- 

15 ry content provider 1 01 , a large load will not be imposed 
on the user. 

[0364] Thewatemnark module WM contains for exam- 
ple the information required for detecting the electronic 
watermark information buried in the content data C and 

20 software as mentioned before. 

[0365] Also, the secure container preparation unit 118 
produces the secure container 104 storing the content 
file CF shown Fig. 5A mentioned above, signature data 
SIGgQp of the related content file CF, the key file KF 

25 shown in Fig. 5B corresponding to the related content 
file CF read out from the key file database 118b, signa- 
ture data SIG7 Qp of the related key file KF, certificate 
data CERcp of the content provider 101 read out from 
the storage unit 119, and signature data SIG., ^30 of the 

30 related certificate data CERcp therein. 

[0366] Here, the signature data SIG© cp used for 
verifying the legitimacy of the producer and transmitter 
of the content file CF at the received site of the secure 
container 1 04. 

35 [0367] Here, the signature data SIG7 is used for 
verifying the legitimacy of the transmitter of the key file 
KF at the received site of the secure container 1 04. Note 
that, at the received site of the secure container 1 04, the 
legitimacy of the producer of the key file KF is verified 

40 based on the signature data SIG^i^esc ''^ 
Also, the signature data SIG^^ ^30 
ifying whether or not the key file KF is registered in the 
EMD service center 102. 

[0368] In the present embodiment, the encrypted con- 
45 tent data C is stored in the secure container 104 in a 
fomn not depending upon the compression method of 
the content data C, existence of compression, encryp- 
tion method (including both the cases of the common 
key encryption method and public key encryption meth- 
50 od), parameters of the signals giving the content data C 
(sampling frequency etc.), and the preparation method 
(algorithm) of the signature data. Namely, these items 
can be freely determined by the content provider 101 . 
[0369] Also, the secure container preparation unit 118 
55 outputs the secure container 104 stored in the secure 
container database 118a to the SAM management unit 
124 in response to a request from the user 
[0370] In this way, in the present embodiment, an in- 
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band method of storing the certif icate CERqp of the pub- 
lic key data K^p^p of the content provider 1 01 in the se- 
cure container 1 04 and transmitting the same to the user 
home network 103 is employed. Accordingly, the user 
home network 1 03 does not have to communicate with 5 
the EMD service center 1 02 for obtaining the certificate 
CERcp. 

[0371] Note that, in the present invention, it is also 
possible to employ an out-of-band method of obtaining 
the certificate CERqp from the EMD service center 1 02 io 
by the user home network 103 without storing the cer- 
tificate CERqp in the secure container 104. 
[0372] The mutual certification unit 1 20 performs mu- 
tual certification between the EMD sen/ice center 102 
and the user home network 1 03 to produce the session 15 
key data (common key) Kg^s when the content provider 
101 transmits or receives data on-line with the EMD 
service center 1 02 and the user home network 1 03. The 
session key data Kses newly produced at each mutual 
certification. 20 
[0373] The encryption and/or decryption unit 121 en- 
crypts the data to be transmitted on-line to the EMD 
service center 1 02 and the user home network 1 03 by 
the content provider 101 by using the session key data 
Kses- 

[0374] Also, the encryption and/or decryption unit 1 21 
decrypts the data received on-line from the EMD service 
center 102 and the user home network 1 03 by the con- 
tent provider 101 by using the session key data Kqes- 
[0375] The usage control policy data preparation unit 30 
1 22 produces the usage control policy data 1 06 and out- 
puts this to the EMD service center management unit 
125. 

[0376] The usage control policy data 1 06 is a descrip- 
tor defining operating mles of the content data C and for 35 
example describes the suggested retailer's price SRP 
intended by an operator of the content provider 101, 
copy rule of the content data C, etc. 
[0377] The SAM management unit 124 supplies the 
secure container 1 04 off-line or on-line to the user home 40 
network 103. 

[0378] Also, when distributing the secure container 
104 to the SAMs 105^ to 1064 on-line, the SAM man- 
agement unit 124 uses, as the communication protocol 
for transmitting the secure container 104, an MHEG 
{Multimedia and Hypennedia Information Coding Ex- 
perts Group) protocol if a digital broadcast or uses an 
XMLySMIL/HTML (Hyper TextMari<up Language) if the 
Internet and buries the secure containers 104 in these 
communication protocols in a form not depending upon so 
the coding method by tunneling. 

[0379] Accordingly, it is not necessary to match for- 
mats between the communication protocol and the se- 
cure container 1 04, so the format of the secure container 
1 04 can be flexibly set. 55 
[0380] Note that, the communication protocol used 
when transmitting the secure container 104 from the 
content provider 101 to the user home network 103 is 
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not limited to those mentioned above and may be any 
protocol. 

[0381 ] Rgure 1 2 is a view for explaining a storage me- 
dium 130^ of a ROM type used in the present embodi- 
ment. 

[0382] As shown in Fig. 1 2, the ROM type storage me- " 
dium 1 30-1 has a ROM region 1 31 , a secure RAM region 
132, and a media SAM 133. 

[0383] In the ROM region 131, the content file CF 
shown in Fig. 5A is stored. 

[0384] Also, the secure RAM region 132 is a region 
where predetemnined pemnission (certification) is nec- 
essary for accessing the stored data. Signature data 
produced by using a MAC (Message Authentication 
Code) function with the key file KF and the certificate 
data CERqp and a storage use key data Kstr having 
an inherent value in accordance with the type of the ap- 
paratus shown in Figs. 5B and 5C as factors and the 
data obtained by encrypting the related key file KF and 
the certificate data CER^p by using media key data 
K|^ED having an inherent value in the storage medium 
are stored. 

[0385] Also, in the secure RAM region 1 32, for exam- 
ple, certificate revocation data (revocation list) for spec- 
ifying the content provider 101 and the SAMs 105-, to 
1 065 which became invalid due to illegitimate actions or 
the like is stored. 

[0386] Also, in the secure RAM region 132, as will be 
mentioned later, usage control status (UCS) data 166 
etc. produced when the purchase and/or usage fomn of 
the content data C is determined in the SAMs 1 05^ to 
1064 of the user home network 103 is determined are 
stored. By this, by the storage of the user control status 
data 166 in the secure RAM region 132, a ROM type 
storage medium 1 30 with a purchase and/or usage fonm 
detemriined therein is obtained. 

[0387] In the media SAM 133, for example the media 
ID serving as the identifier of the ROM type storage me- 
dium 130-, and the media key data KjyjED stored. 
[0388] The media SAM 1 33 has for example a mutual 
certificate authority function. 

[0389] As the storage medium of the ROM type used 
in the present embodiment, for example, other than one 
shown in Fig. 1 2, also a ROM type storage medium 1 3O2 
shown in Fig. 1 3 and a ROM type storage medium 1 3O3 
shown in Fig. 14 can be considered. 
[0390] The ROM type storage medium 1 3O2 shown in 
Fig. 13 has the ROM region 131 and the media SAM 
133 having the certificate authority function, but is not 
provided with the secure RAM region 1 32 as in the ROM 
type storage medium 130^ shown in Fig. 12. Where use 
is made of the ROM type storage medium 1 SOg, the con- 
tent file CF is stored in the ROM region 131 , and the key 
file KF is stored in the media SAM 133. 
[0391] Also, the ROM type storage medium I3O3 
shown in Fig. 1 4 has the ROM region 1 31 andthe secure 
RAM region 1 32 and does not have the media SAM 1 33 
as in the ROM type storage medium 130., shown in Fig. 
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12. Where the ROM type storage medium I3O3 is used, 
the content f lie CF is stored in the ROM region 131, and 
the key file KF is stored in the secure RAM region 132. 
Also, where the ROM type storage medium 13O3 is 
used, mutual certification is not carried out with the 
SAM. 

[0392] Also, in the present embodiment, other than 
the ROM type storage medium, also a RAM type storage 
medium is used. 

[0393] As the RAM type storage medium used in the 
present embodiment, there is, for example, as shown in 
Fig. 15, a RAM type storage medium I3O4 having the 
media SAM 133, secure RAM region 132. and nonse- 
cure RAM region 1 34. In the RAM type storage medium 
13O4, the media SAM 133 has the certificate authority 
function and stores the l<ey file KR Also, in the RAM re- 
gion .134, the content file OF is stored. 
[0394] Also, as the RAM type storage medium used 
in the present embodiment, other than that, also a RAM 
type storage medium I3O5 shown in Fig. 16 and a RAM 
type storage medium 1 306 shown in Fig. 1 7 can be con- 
sidered. 

[0395] The RAM type storage medium 1 3O5 shown in 
Fig. 1 6 has the nonsecure RAM region 1 34 and the me- 
dia SAM 133 havingthe certificate authority function, but 
is not provided with the secure RAM region 132 as in 
the RAM type storage medium I3O4 shown in Fig. 15. 
Where the RAM type storage medium 130^ is used, the 
contentfileCFis stored In the RAM region 134, and the 
key file KF is stored in the media SAM 133. 
[0396] Also, the RAM type storage medium 1306 
shown in Fig. 17 has the secure RAM region 132 and 
the nonsecure RAM region 134, but does not have the 
media SAM 133 as in the RAM type storage medium 
13O4 shown in Fig. 15. Where use is made of the RAM 
type storage medium 1 306, ^h© content file CF is stored 
in the RAM region 134, and the key file KF is stored in 
the secure RAM region 132. Also, where use is made 
of the RAM type storage medium 1 306. rnutual certifica- 
tion is not carried out with the SAM. 
[0397] Also, where the secure container 1 04 Is distrib- 
uted on-line to the user home network 103 by using a 
network or a digital broadcast, the SAM management 
unit 124 encrypts the secure container 1 04 by using the 
session key data Kses encryption and/or decryp- 
tion unit 121 , and then distributes the same via the net- 
work to the user home network 103. 
[0398] In the present embodiment, as the SAM man- 
agement unit and the EMD sen^ice center management 
unit and the content provider management unit and 
service provider management unit mentioned later, use 
is made of a communication gateway having a tamper 
resistant structure whereby for example monitoring and 
tampering of the processing content of the internal por- 
tion cannot be carried out or are difficult. 
[0399] Here Jn both of the case where the content da- 
ta C is distributed from the content provider 1 01 to the 
user home network 103 by using the storage medium 



1 30i and the case where it is distributed on-line by using 
the network, use is made of the secure container 1 04 of 
a common form with the usage control policy data 106 
stored therein. Accordingly, in the SAMs 1 05^ to 1 064 of 

5 the user home network 103, the rights clearing based 
on the common usage control policy data 106 can be 
carried out in both of the cases of off-line and on-line. 
[0400] Also, as mentioned above, in the present em- 
bodiment, the in-band method of enclosing the content 

10 data C encrypted by the content key data Kc and the 
content key data Kc for decrypting the related encryption 
in the secure container 104 is employed. In the in-band 
method, when it is intended to reproduce the content 
data 0 by the apparatus of the user home network 1 03, 

15 it is not necessary to separately distribute the content 
key data Kc, so there is an advantage that the load of 
the network communication can be reduced. Also, the 
content key data Kc has been encrypted by the distribu- 
tion use key data KD^ to KDq, but the distribution use 

20 key data KD^ to KDg are managed at the EMD service 
center 1 02 and distributed to the SAMs 1 05^ to 1 0Sg of 
the user home network 1 03 in advance (when the SAMs 
105^ to 1064 access the EMD service center 102 for the 
first time), therefore, in the user home network 103, the 

25 usage of the content data C off-line becomes possible 
without connecting with the EMD service center 1 02 on- 
line. 

[0401] Note that, the present invention has the flexi- 
bility to employ the out-of-band method for separately 
30 supplying the content data C and the content key data 
Kc to the user home network 1 03 as will be mentioned 
later. 

[0402] When receiving the settlement report data 1 07 
from the EMD service center 1 02, the EMD service cent- 

35 er management unit 125 decrypts it at the encryption 
and/or decryption unit 121 by using the session key data 
KsES ^rtcl then stores the same in the storage unit 119. 
[0403] As the settlement report data 107, for example, 
the content of the settlement concerning the content 

40 provider 1 01 perfonned by the EMD service center 1 02 
at the settlement manager 91 shown in Fig. 1 is de- 
scribed. 

[0404] Also, the EMD service center management 
unit 125 transmits the content ID as a global unique 

45 identifier of the content data C to be provided, a public 
key data KQpp, and signature data SIGg Qp of them to 
the EMD service center 102 and receives as input the 
certificate data CERcp of the public key data Kcp,pfrom 
the EMD service center 102. 

50 [0405] Also, the EMD service center management 
unit 125 produces, as shown in Fig. 18, a registration 
module ModgStoring the content ID as the global unique 
identifier of the content data C to be provided, the con- 
tent key data Kc, the usage control policy data 1 06, the 

55 watennark module WM, CP_1D as the global unique 
identifier of the content provider 1 01 , and signature data 
SIGmi,cp by the secret key data Kqpq of the content 
provider 1 01 for them therein when registering the con- 
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tent key data Kc, the usage control policy data 1 06, and 
the watermark nnodule WM in the EMD service center 
1 02 and receiving the key file KF for each of the content 
data C. Then, the EMD service center 1 25 encrypts the 
registration nnodule Moda in the encryption and/or de- 
cryption unit 121 by using the session key data Ks^g 
and then transmits the same via the network to the EMD 
service center 1 02. As the EMD service center manage- 
ment unit 125, as mentioned above, for example use is 
made of a communication gateway having a high 
tamper resistant structure whereby monitoring or tam- 
pering of the processing content of the internal portion 
cannot be carried out or are difficult. 
[0406] Below, an explanation will be given of the flow 
of the processing in the content provider 1 01 by refen-ing 
to Fig. 3 and Fig. 4. 

[0407] Note that, as a prerequisite for performing the 
following processing, the interested party of the content 
provider 1 01 pert onns the registration processing for the 
EMD service center 1 02 off-line by using for example its 
own ID and a bank account for performing the settle- 
ment processing and acquires the global unique identi- 
fier CPJD. The identifier CP_ID is stored in the storage 
unit 119. 

[0408] First, an explanation will be given of the 
processing where the content provider 1 01 requests the 
certificate data CER^p for proving the legitimacy of the 
public key data K^pg corresponding to its own secret 
key data K^pg from the EMD service center 1 02 by re- 
ferring to Fig. 4. 

[0409] The content provider 1 01 generates a random 
number by using a true random number generator to 
produce the secret key data Kcp,s. produces the public 
key data Kcpp corresponding to the related secret key 
data Kcps and stores the same in the storage unit 119. 
[0410] The EMD service center management unit 125 
reads out the identifier CP_ID and the public key data 
Kqpp of the content provider 101 from the storage unit 
119. 

[0411] Then, the EMD service center management 
unit 125 transmits the identifier CPJD and the public 
key data K^pp to the EMD service center 102. 
[0412] Then, the EMD service center management 
unit 125 receives as input the certificate data CER^p 
and the signature data SIG^ ^sc thereof from the EMD 
service center 1 02 in accordance with the related reg- 
istration and writes them into the storage unit 119. 
[0413] Next, an explanation will be given of the 
processing where the content provider 1 01 registers the 
content key data Kc, usage control policy data 1 06, and 
the watermark module WM in the EMD service center 
102 and receives the key file KF con^esponding to the 
content data C by referring to Fig. 4, Fig. 1 8, and Fig. 1 9. 
[0414] The registration of the usage control policy da- 
ta 106 etc. is carried out for individual content data C. 
[041 5] Figure 1 9 is a flowchart for explaining the reg- 
istration processing from the content provider 1 01 to the 
EMD service center 1 02. 



[0416] Step A1 : Mutual certification is carried out be- 
tween the mutual certification unit 120 of the content 
provider 1 01 shown in Fig. 4 andthe EMD service center 
102. 

5 [0417] Step A2: The session key data KgEs obtained 
by the mutual certification performed at step A1 is 
shared bythecontent provider 101 andthe EMDservice 
center 102. 

[0418] Step A3: The content provider 101 reads out 
10 the content ID, content key data Kc, usage control policy 
data 1 06, watermark module WM, and CP_ID, etc. to be 
registered into the EMD service center 1 02 from the da- 
tabase of the storage unit 1 1 9 etc. 
[041 9] Step A4: In the signature processing unit 1 1 7, 
^5 the signature data S\G^^ cp indicating the legitimacy of 
the sender is produced for a module containing for ex- 
ample the usage control policy data 1 06 read out at step 
A3 by using the secret key data K^p^ of the content pro- 
vider 101. 

20 [0420] Then, the EMD service center management 
unit 125 produces the registration use module Mod2 
storing the content ID, content key data Kc, usage con- 
trol policy data 1 06, watennark module WM and CP_ID, 
and the signature data SIG^^., ^p for them therein as 

25 shown in Fig. 18. 

[0421] Step A5: The encryption and/or decryption unit 
121 encrypts the registration use module Modg pro- 
duced at step A4 by using the session key data Kg^s 
shared at step A2. 

30 [0422] Step A6: The EMD service center manage- 
ment unit 125 transmits the registration use module 
Mod2 encrypted at step A5 to the EMD service center 
102. 

[0423] The processing of step A7 and following 
35 processing are the processing in the EMD service cent- 
er 102. 

[0424] Step A7: The EMD service center 1 02 decrypts 
the received registration use module Mod2 by using the 
session key data Kses shared at step A2. 

40 [0425] Step A8: The EMD service center 1 02 verifies 
the signature data SIG^^^ Qp stored in the decrypted reg- 
istration use module Modg by using the public key data 
Kcpp, confimns the legitimacy of the sender of the reg- 
istration use module Modg, and performs the processing 

45 of step A9 under the condition that the legitimacy of the 
sender is proved. 

[0426] Step A9: The EMD service center 102 stores 
and registers the content ID, content key data Kc, usage 
control policy data 105, watennark module WM, and 
50 CPJD stored in the registration use module Mod2 in the 
predetermined database. 

[0427] Note that, the EMD service center manage- 
ment unit 1 25 receives, as shown in Fig. 1 8, for example 
six months' worth of the key files KF from the EMD serv- 
55 ice center 1 02 after the registration processing in ac- 
cordance with the registration use module Modg is car- 
ried out for the EMD service center 102. decrypts the 
related received key files KF by using the session key 
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data Kq£s obtained by the mutual certification between 
the mutual certification unit 120 and the EMD service 
center 1 02, and then stores the same in the key file da- 
tabase 118b. 

[0428] Next, an explanation will be given of the 5 
processing where the content provider 101 transmits the 
secure container 104 to the SAM 105^ of the user home 
network 103 by referring to Fig. 3 and Fig. 4. 
[0429] Note that, in the following example, the case 
where the secure container 1 04 is transmitted from the io 
content provider 101 to the SAM 105^ is exemplified, 
but the case where the secure container 104 is trans- 
mitted to each of the SAMs 1052 "•0^4 is the same 
except it transmitted to each of the SAMs 1 052 "'^^4 
via the SAM 105^. 15 
[0430] . First, as shown in Fig. 3, the content data S1 11 
is read out from the content master source database 1 1 1 
and output to the electronic watermark information ad- 
dition unit 112. 

[0431 ] Next, the electronic watermark information ad- 
dition unit 112 buries the electronic watermark informa- 
tion in the content data S111 to producethe content data 
S1 12 and outputs this to the compression unit 113. 
[0432] Next, the compression unit 113 compresses 
the content data S1 12 by for example the ATRAC3 25 
method to produce the content data S1 13 and outputs 
this to the encryption unit 114. 

[0433] Also, as shown in Fig. 4, the content key data 
Kc is produced by generating a random number at the 
random number generation unit 115, and the related 30 
produced content key data Kc is stored in the storage 
unit 119. 

[0434] Next, the encryption unit 1 1 4 encrypts the con- 
tent data S11 3 Input from the compression unit 1 1 3, me- 
ta data Meta read out from the storage unit 119, the A/ 35 
V expansion use software Soft and the watermark mod- 
ule WM by using the content key data Kc and outputs 
the same to the secure container preparation unit 118. 
In this case, it is also possible if the meta data Meta and 
the watermark module WM are not encrypted. 
[0435] Then, the secure container preparation unit 
1 1 8 produces the content file CF shown in Fig. 5A. Also, 
in the signature processing unit 117. the hash value of 
the content file CF is obtained and the signature data 
SIGq cp is produced by using the secret key data K^ps- 
[0436] Also, the secure container preparation unit 1 1 8 
reads out the key file KF corresponding to the content 
data C from the key file database 1 1 8b and outputs this 
to the signature processing unit 117. 
[0437] Then, the signature processing unit 117 ob- 
tains the hash value of the key file KF input from the 
secure container preparation unit 11 8, produces the sig- 
nature data SIG7 Qp by using the secret key data K^ps, 
and outputs this to the secure container preparation unit 
118. 

[0438] Next, the secure container preparation unit 1 1 8 
produces the secure container 104 storing the content 
file CF and the signature data SIGg thereof shown in 
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Fig. 5A, the key file KF and the signature data SIG7 Qp 
thereof shown in Fig. 5B, and the certificate data CERcr 
and the signature data SIG-t ^sc thereof shown in Fig. 
5C read outfrom the storage unit 119 therein and stores 
this in the secure container database 118b. Then, the 
secure container preparation unit 118 reads out the se- 
cure container 1 04 to be provided to the user home net- 
work 1 03 in response to for example a request from the 
user from the secure container database 1 1 8a, encrypts 
this at the encryption and/or decryption unit 121 by using 
the session key data Ks^s obtained by the mutual cer- 
tification between the mutual certification unit 120 and 
the SAM 105^, and then transmits the same via the SAM 
management unit 1 24 to the SAM 1 05-, of the user home 
network 103. 

[0439] Below, a summary of the flow of the overall 
processing of the content provider 1 01 will be explained 
relative to the secure container preparation processing. 
[0440] Figure 20, Fig. 21 , and Fig. 22 are flowcharts 
for explaining the flow of the related processing. 
[0441 ] Step B1 ; The content provider 101 receives as 
input its own certificate data CER^p from the EM D serv- 
ice center 1 02 in advance and stores this in the storage 
unit (database) 119. 

[0442] Step B2: The content data to be newly au- 
thored and an already stored content master source 
such as legacy content data are digitized, allocated a 
content ID, and stored in the content master source da- 
tabase 111 and uniquely managed. 
[0443] Step B3: The meta data Meta is produced for 
each content master source uniquely managed at step 
B1 and Is stored in the storage unit 119. 
[0444] Step B4: The content data S11 1 serving as the 
content master source is read out from the content mas- 
ter source database 111 and output to the electronic wa- 
termark infonnation addition unit 112, the electronic wa- 
termark information is buried, and the content data S1 12 
is produced. 

[0445] Step B5: The electronic watermark information 
addition unit 112 stores the content of the burled elec- 
tronic watermark information and the burial location in 
the predetennined database. 

[0446] StepB6: In the compression unit 113, the con- 
tent data S11 2 with the electronic watermark Information 
buried therein is compressed to produce the content da- 
ta S113. 

[0447] Step B7: In the expansion unit 116, the com- 
pressed content data S113 is expanded to produce the 
content data S11 6. 

[0448] Step B8: In the audial check unit 123, the check 
of the sound of the expanded content data S1 1 6 is car- 
ried out. 

[0449] Step B9: The content provider 1 01 detects the 
electronic watermark infonnation buried in the content 
data S116 based on the buried content and the burial 
location stored in the database at step B5. 
[0450] Then, the content provider 101 performs the 
processing of step B1 0 where both of the audial check 
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and the detection of the electronic watermark informa- 
tion succeed, while repeats the processing of step B4 
where either one fails. 

[0451] Step B10: A random number is generated at 
the random number generation unit 115 to produce the 
content key data Kc, and this is stored in the storage 
unit 119. 

[0452] Step B1 1 : In the encryption unit 1 1 4, the com- 
pressed content data S1 13 is encrypted by using the 
content key data Kc to produce the content data C. 
[0453] Step 81 2: In the usage control policy data 
preparation unit 122, the usage control policy data 106 
for the content data C is produced. 
[0454] Step 813: The content provider 101 deter- 
mines the SRP and stores this in the storage unit 119. 
[0455] Step 814: The content provider 101 outputs 
the content ID, content key data Kc, and the usage con- 
trol policy data 106 to the EMD service center 102, 
[0456] Step B15: The content provider 101 receives 
as input the key file KF encrypted by the distribution use 
key data KD^ to KD3 from the EMD service center 1 02. 
[0457] Step B1 6: The content provider 101 stores the 
input key file KF in the key file database 1 1 8b. 
[0458] Step B17: The content provider 101 connects 
the links of the content data C and the key file KF by the 
hyper link. 

[0459] Step BIB: In the signature processing unit 11 7, 
the signature data indicating the legitimacy of the pro- 
ducer is produced by using the secret key data K^ps for 
each of the content data C and the key files KF 
[0460] Step 81 9: In the secure container preparation 
unit 118, the secure container 104 shown in Fig. 5 is 
produced. 

[0461] Step 820: Where the content data is provided 
in a composite fonrt using a plurality of secure contain- 
ers, the processing of the steps 81 to B19 is repeated 
to produce the secure container 104 and the link be- 
tween the content file CF and the key file KF and the link 
among the content files CF by using the hyper link, etc. 
[0462] Step B21 : The content provider 1 01 stores the 
produced secure container 104 in the secure container 
database 118a. 

[EMD service center 1 02] 

[0463] The EMD service center 102 has a certificate 
authority (CA) function, a key management function., 
and a rights clearing (profit distribution) function. 
[0464] Figure 23 is a view of the configurations of 
functions of the EMD service center 102. 
[0465] As shown in Fig. 23, the EMD service center 
1 02 has a key server 1 41 , a key database 1 41 a, a set- 
tlement processing unit 142, a signature processing unit 
1 43, a settlement manager management unit 1 44, a cer- 
tificate and/or usage control policy management unit 
145, a usage control policy database 145a, a certificate 
database 145b, a content provider management unit 
1 48, a CP database 1 48a, a SAM management unit 1 49, 



a SAM database 149a, a mutual certification unit 150, 
an encryption and/or decryption unit 1 51 , and a KF prep- 
aration unit 153. 

[0466] Note that, in Rg. 23, the flow of the data related 
5 to the data transmitted and received between the EMD 
service center 102 and the content provider 101 in the 
flow of the data among the functional blocks in the EMD 
service center 102 is shown. 

[0467] Also, in Fig. 24, the flow of the data related to 
^0 the data transmitted and received between the SAMs 
105^ to 1084 and the settlement manager 91 shown in 
Fig. 1 in the flow of the data among the functional blocks 
in the EMD service center 102 is shown. 
[0463] The key server 1 41 reads out six months' worth 
^5 of the distribution use key data naving the expiration 
date of one month stored in the key database 1 41 a and 
outputs the same to the SAM management unit 149. 
[0469] Also, other than the key database 1 41 a distri- 
bution use key data KD, one series of key data for stor- 
20 ing the key data such as the secret key data Kesc s of 
the EMD service center 1 02, storage use key data Kqt-r. 
media key data K^^^D. ^^d the MAC key data K^^^^^ are 
stored. 

[0470] The settlement processing unit 142 performs 
25 settlement processing based on the usage log data 1 08 
input from the SAMs 1 05^ to 1 054, the suggested retail- 
er's price SRP input from the certificate and/or usage 
control policy management unit 145 and sales price, 
produces the settlement report data 1 07 and settlement 
30 claim data 152, outputs the settlement report data 1 07 
to the content provider management unit 148, and out- 
puts the settlement claim data 152 to the settlement 
manager management unit 144. 

[0471] Note that, the settlement processing unit 142 

35 monitors whether or not transactions based on an illegal 
dumping price werecan-ied out based on the sales price. 
[0472] Here, the usage log data 1 08 indicates the log 
of the purchase and usage (reproduction, recording, 
transfer, etc.) of the secure container 104 in the user 

40 home network 103 and is used when detennining the 
payment sum of a license fee related to the secure con- 
tainer 104 in the settlement processing unit 142. 
[0473] In the usage log data 1 08, for example the con- 
tent ID serving as the identifier of the content data C 

45 stored in the secure container 1 04, the identifier CP_ID 
of the content provider 1 01 distributing the secure con- 
tainer 1 04, the compression method of the content data 
C in the secure container 1 04, an identifier Media_ID of 
the storage medium storing the secure container 104, 

so the identifier SAM_ID of the SAMs 1 05^ to 1 054 receiv- 
ing the distribution of the secure container 104, 
USERJD of the user of the related SAMs 105^ to IO54, 
etc. are described. Accordingly, the EMD service center 
1 02 determines the sum of payment for each other party 

55 based on a distribution rate table detemnined in advance 
when it is necessary to distribute the money paid by the 
user of the user home network 1 03 to license owners of 
for example the compression method and the storage 
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medium other than the owner of the content provider 
101 and produces the settlement report data 107 and 
the settlement claim data 152 in accordance with the 
related determination. The related distribution rate table 
is produced for example for every content data stored 
in the secure container 1 04. 

[0474] Also, the settlement claim data 152 is the au- 
thenticated data for which the payment of money to the 
settlement manager 91 may be claimed. For example, 
when the money paid by the user is distributed to a plu- 
rality of right holders, it is produced for individual right 
holders. 

[0475] Note that, the settlement manager 91 sends a 
statement of the related settlement managerto the EMD 
service center 102 when the settlement is temninated. 
The EMD service center 1 02 notifies the content of the 
related statement to the corresponding right holders. 
[0476] The settlement manager management unit 
144 transmits the settlement claim data 152 produced 
by the settlement processing unit 142 via the payment 
gateway 90 shown in Fig. 1 to the settlement manager 
91. 

[0477] Note that, as will be mentioned later, it is also 
possible if the settlement manager management unit 
144 transmits the settlement claim data 152 to the right 
holders of the content provider 101 etc., and the right 
holders per se perform the settlement at the settlement 
manager 91 by using the received settlement claim data 
152. 

[0478] Also, the settlement manager management 
unit 144 obtains the hash value of the settlement claim 
data 1 52 in the signature processing unit 1 43 and trans- 
mits signature data SIG99 produced by using the secret 
key data K^sc s together with the settlement claim data 
1 52 to the settlement manager 91 . 
[0479] The certificate and/or usage control policy 
management unit 145 reads out the certificate data 
CERcp and certificate data CERsami CERsam4 
which are registered (stored) in the certif icate database 
145b and authenticated and, at the same time, registers 
the usage control policy data 1 06 of the content provider 
101, the content key data Kc, the watermark module 
WIVl, etc. in the usage control policy database 145a to 
authenticate the same. 

[0480] Here, for the usage control policy database 
145a, a search is carried out by using the content ID as 
a search key, while for the certificate database 145b, a 
search is carried out by using the identifier CP_1D of the 
content provider 101 as the search key. 
[0481 ] Also, the certificate and/or usage control policy 
management unit 1 45 obtains the hash values of for ex- 
ample the usage control policy data 106, content key 
data Kc, and the watermark module WM and stores the 
authenticated data attached with the signature data us- 
ing the secret key data K^scs the usage control policy 
database 1 45a. 

[0482] The content provider management unit 148 
has a function of communication with the content pro- 



vider 101 and can access the CP database 148a for 
managing the identifiers CP_ID etc. of the registered 
content providers 101. 

[0483] The SAM management unit 149 has a function 

> of communication with the SAMs 1 05^ to 1 054 in the us- 
er home network 1 03 and can access the SAM database 
149a storing the identifiers SAM_ID and SAM registra- 
tion list etc. of the registered SAMs. 
[0484] The KF preparation unit 153 outputs the con- 

0 tent key data Kc and usage control policy data 1 06 input 
from the content provider management unit 1 48 and the 
SAM program download containers SDC^ to SDC3 to 
the signature processing unit 143. 
[0485] Also, the KF preparation unit 1 53 encrypts the 

f5 content key data Kc, the usage control policy data 1 06, 
and the SAM program download containers SDC^ to 
SDC3 by using the distribution use key data KD^ to KDg 
of the con-esponding period input from the key server 
141, produces the key file KF storing the related encrypt- 

20 ed data and the signature data S1Gki,esc by the secret 
key data K^sc.s forthe related encrypted data input from 
the signature processing unit 143 therein as shown in 
Fig. 5B. and stores the related produced key file KF in 
the KF database 153a. 

25 [0486] Below, an explanation will be given of the flow 
of the processing in the EMD service center 1 02. 
[0487] First, an explanation will be given of the flow 
of the processing when transmitting the distribution use 
key data from the EMD sen/ice center 1 02 to the SAMs 

30 1 05i to 1 054 in the user home network 1 03 by referring 
to Fig. 24. 

[0488] As shown in Fig. 24, the key server 1 41 reads 
out for example three months' worth of the distribution 
use key data KD^ to KD3 from the key database 141a 
35 everypredetemnined period and outputs the same to the 

SAM management unit 149. 

[0489] Also, the signature processing unit 143 obtains 
the hash values of each of the distribution use key data 
KD-, to KD3 to produce signature data SIGkdi,esc 

40 S1Gkd3 esc individually corresponding to them by using 
the secret key data K^scs of the EMD service center 
1 02 and outputs them to the SAM management unit 1 49. 
[0490] The SAM management unit 149 encrypts 
these three months' worth of the distribution use key da- 

45 ta KD-, to KD3 and the signature data SIG^dlesc to 
S1Gkd3 esc of them by using the session key data Kqes 
obtained by the mutual certification between the mutual 
certification unit 150 and the SAMs 105^ to IO54 and 
then transmits them to the SAMs 105-, to 1064. 

50 [0491] Next, an explanation will be given of the 
processing in the case where the EMD service center 
1 02 receives an issuance request of the certificate data 
CERcp from the content provider 101 by refemngto Fig. 
23. 

55 [0492] In this case, when receiving the identifier 
CPJD of the content provider 101, public key data 
Kcp.p, and the signature data SIGq^cp f^^^ the content 
provider 1 01 , the content provider management unit 148 
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decrypts them by using the session key data Kg^s ob- 
tained by the mutual certification between the mutual 
certification unit 1 50 andthe mutual certification unit 1 20 
shown in Fig. 4. 

[0493] Then, after confinm in g the legitimacy of the re- 
lated decrypted signature data SIG9 at the signature 
processing unit 143, it is confimned whether or not the 
content provider 1 01 issuing the issuance request of the 
related certificate data is registered in the CP database 
148a based on the identifier CP_ID and the public key 
dataKQpp. 

[0494] Then, the certificate and/or usage control pol- 
icy management unit 145 reads out the certificate data 
CERcp of the related content provider 101 from the cer- 
tificate database 145b and outputs this to the content 
provider management unit 148. 

[0495] Also, the signature processing unit 1 43 obtains 
the hash value of the certificate data CERcp, produces 
the signature data SIG^ ^gc by using the secret key data 
^ESC.s the EMD service center 1 02, and outputs this 
to the content provider management unit 1 48. 
[0496] Then, the content provider management unit 
148 encrypts the certificate data CER^p and the signa- 
ture data SIG-, Esj;. thereof by using the session key data 
KsEs obtained by the mutual certification between the 
mutual certification unit 150 and the mutual certification 
unit 120 shown in Fig. 4 and then transmits the same to 
the content provider 101 . 

[0497] Next, an explanation will be given of the 
processing where the EMD service center 1 02 receives 
the issuance request of the certificate data CERsami 
from the SAM 105^ by refen^ing to Fig. 24. 
[0498] In this case, when- receiving an identifier 
SAMi_ID of the SAM 1 05^ , public key data Kg^Mi p> and 
signature data SIGg sAMi from the SAM 105^, the SAM 
management unit 149 decrypts them by using the ses- 
sion key data Kg^s obtained by the mutual certification 
between the mutual certification unit 150 and the SAM 
105i. 

[0499] Then, after confirming the legitimacy of the re- 
lated decrypted signature data SIGq^sami the signa- 
ture processing unit 143, based on the identifier 
SAMi_ID and the public key data Kqamlp. ^ 's con- 
fimned whether or not the SAM 1 05^ outputting the issu- 
ance request of the related certificate data is registered 
in the SAM database 1 49a. 

[0500] Then, the certificate and/or usage control pol- 
icy management unit 145 reads out the certificate data 
^^•^SAMi of the related SAM 105^ from the certificate 
database 145b and outputs this to the SAM manage- 
ment unit 149. 

[0501 ] Also, the signature processing unit 1 43 obtains 
the hash value of the certificate data CERqami. Produc- 
es signature data SIG5Q ^sc by using the secret key data 
Kesc.s of the EMD service center 1 02, and outputs this 
to the SAM management unit 149. 
[0502] Then, the SAM management unit 1 49 encrypts 
the certificate data CER3y^J^., and the signature data 



SIGso.Esc thereof by using the session key data Ks^g 
obtained by the mutual certification between the mutual 
certification unit 150 andthe SAM 105^, and then trans- 
mits the same to the SAM 1 05^ . 
5 [0503] Note that, the processing where the SAMs 
1 05^ to 1 054 request the certificate data is the same as 
the case of the SAM 1 05^ mentioned above except only 
the object is replaced by the SAMs 1 05^ to 1 054. 
[0504] Note that, in the present invention, it is also 
10 possible if the EMD service center 1 02 produces the cer- 
tificate data CERsami of the public key data K^ami p at 
the time of shipment when a secret key data Kqami s 
and the public key data Ksami.p of the SAM 105^ are 
stored in the storage unit of the SAM 105^ at for example 
^5 the related shipment of the SAM 1 05^. 

[0505] At this time, at the related shipment, it is also 
possible to store the certificate data CERqami "n the 
storage unit of the SAM 1 05^. 

[0506] Next, an explanation will be given of the 
20 processing where the EMD service center 1 02 receives 
the registration use module Mod2 shown in Fig. 1 from 
the content provider 101 by referring to Fig. 23. 
[0507] In this case, when the content provider man- 
agement unit 148 receives the registration use module 
^5 Mods shown in Fig. 18 from the content provider 101 , 
the registration use module Modg is decrypted by using 
the session key data Kg^g obtained by the mutual cer- 
tification between the mutual certification unit 150 and 
the mutual certification unit 120 shown in Fig. 4. 
30 [0508] Then, in the signature processing unit 1 43, the 
legitimacy of the signature data SIG^^^ cp 's verified by 
using the public key data Kcp,p read out from the key 
database 141a. 

[0509] Next, the certificate and/or usage control policy 
35 management unit 1 45 registers the usage control policy 
data 1 06, content key data Kc, watennark module WM, 
and SRP stored in the registration use module Modg in 
the usage control policy database 145a. 
[0510] Next, the content provider management unit 
40 1 48 outputs the content key data Kc and the usage con- 
trol policy data 106 to the KF preparation unit 153. 
[0511] Next, the KF preparation unit 153 outputs the 
content key data Kc and usage control policy data 106 
input from the content provider management unit 148 
45 and the SAM program download containers SDC^ to 
SDC3 to the signature processing unit 143. 
[0512] Then, the signature processing unit 143 ob- 
tains the hash value with respect to the whole data input 
from the KF preparation unit 153, produces the signa- 
ge turedataSIGKi^Esc^f^ereof by using the secret key data 
^Esc.s of the EMD service center 1 02, and outputs this 
to the KF preparation unit 153. 

[0513] Next, in the KF preparation unit 153, by using 
the distribution use key data KD^ to KDg of the corre- 
55 sponding period input from the key server 1 41 , the con- 
tent key data Kc and usage control policy data 106 and 
the SAM program download containers SDC^ to SDC3 
are encrypted, and the key file KF storing the related 



52 



1 1 .-^-TR-TPIA 1 r > 



103 



EP 1 132 828 A1 



104 



encrypted data and the signature data SIG,^^ ^sc '"P^'t 
from the signature processing unit 143 therein is pro- 
duced and is stored in the KF database 153a. 
[0514] Here, as the SAM progrann download contain- 
ers SDC^ to SDC3, it Is also possible to use those stored 
in the registration use module Mod2 or it Is also possible 
to use those held by the EMD service center 1 02 In ad- 
vance. 

[0515] Next, the content provider management unit 
148 encrypts the key file KF obtained by accessing the 
KF database 153a by using the session key data Kg^s 
obtained by the mutual certification between the mutual 
certification unit 1 50 and the mutual certification unit 1 20 
shown in Fig. 4, and then transmits the same to the con- 
tent provider 101. 

[0516] Next, an explanation will be given of the settle- 
ment processing performed in the EMD service center 
1 02 by referring to Fig. 24. 

[0517] When receiving as Input the usage log data 
1 08 and signature data SIG2oo,sami thereof from for ex- 
ample the SAM 1 05^ of the user home network 1 03, the 
SAM management unit 1 49 decrypts the usage log data 
108 and the signature data SIGgoo.sAMi '^V using the 
session key data KgEs obtained by the mutual certifica- 
tion between the mutual certification unit 150 and the 
SAM 105-1, vei'if'es the signature data SIGgoo.sAMi 
the public key data Ksy^j^^ of the SAM lOS-j, and then 
outputs the same to the settlement processing unit 1 42. 
[051 8] Then, the settlement processing unit 1 42 per- 
forms the settlement processing based on the usage log 
data 108 input from the SAM management unit 149 and 
the suggested retailer's price SRP contained in the us- 
age control policy data 106 read out from the usage con- 
trol policy database 1 45 a via the certificate and/or usage 
control policy management unit 145 and the sales price 
and produces the settlement claim data 1 52 and the set- 
tlement report data 1 07. 

[051 9] The settlement processing unit 1 42 outputs the 
settlement claim data 152 to the settlement manager 
management unit 144 and, at the same time, outputs 
the settlement report data 1 07 to the content provider 
management unit 148. 

[0520] Next, the settlement manager management 
unit 1 44 transmits the settlement claim data 1 52 and the 
signature data SIG99 thereof via the payment gateway 
90 shown in Fig. 1 to the settlement manager 91 after 
the mutual certification and the decryption by the ses- 
sion key data Kses- 

[0521] By this, the money of the sum indicated in the 
settlement claim data 1 52 is paid to the content provider 
101. 

[0522] Next, an explanation will be given of the 
processing where the EMD service center 1 02 transmits 
the settlement report to the content provider 1 01 by re- 
ferring to Fig. 23. 

[0523] When the settlement is carried out in the set- 
tlement processing unit 142, as mentioned above, the 
settlement report data 107 Is output from the settlement 



processing unit 142 to the content provider manage- 
ment unit 148. 

[0524] In the settlement report data 107, as men- 
tioned above, for example the content of the settlement 

5 concerning the content provider 1 01 performed with re- 
spect to the settlement manager 91 shown In Fig. 1 by 
the EMD service center 102 is described. 
[0525] When receiving as input the settlement report 
data 107 from the settlement processing unit 142, the 

10 EMD service center 1 02 encrypts this by using the ses- 
sion key data Kqes obtained by the mutual certification 
between the mutual certification unit 1 50 and the mutual 
certification unit 120 shown in Fig. 4 and then transmits 
the same to the content provider 1 01 . 

^5 [0526] Also, after registering (authenticating) the us- 
age control policy data 106 as mentioned above, the 
EMD sen/ice center 1 02 may encrypt the authenticated 
certificate module by the distribution use key data KD^ 
to KDg and transmit the same from the EMD service 

^0 center 1 02 to the content provider 1 01 too. 

[0527] Also, the EMD service center 1 02 performs the 
processing at the time of shipment of the SAMs 1 05^ to 
105^ and the registration processing of the SAM regis- 
tration list other than the above, but these processings 

25 will be mentioned later. 

[User home network 1 03] 

[0528] The user home network 1 03 has a network ap- 
30 paratus 160^ and AA/ apparatuses I6O2 to I6O4 as 
shown in Fig. 1 . 

[0529] The network apparatus 160^ includes a built- 
in SAM 105^. Also, the AV apparatuses 1602to I6O4 
includes built-in SAMs 1052 "'*^^4- 
35 [0530] The SAMs 1 05^ to 1 05^ are connected to each 
other via a bus 191, for example, an IEEE 1394 serial 
interface bus. 

[0531] Note that, the AV apparatuses I6O2 to I6O4 
can have a network communication function too or may 
40 not have the network communication function, but utilize 
the network communication function of the networic ap- 
paratus 1 60., via the bus 191 . 

[0532] Also, the user home network 1 03 can have on- 
ly AV apparatuses not having the network function too. 
45 [0533] Below, an explanation will be made of the net- 
work apparatus 1 60^ . 

[0534] Figure 25 is a view of the configuration of the 
network apparatus 1 60^ . 

[0535] As shown in Fig. 25, the network apparatus 
so 160-1 has the SAM 105^, a communication module 162, 
a decryption and/or expansion module 1 63, a purchase 
and/or usage fonn determination operation unit 165, a 
download memory 1 67, a reproduction module 1 69, and 
an external memory 201 . 
55 [0536] The SAMs 105-, to IO54 are modules for per- 
forming the charge processing in units of content and 
communicate with the EMD service center 102. 
[0537] The SAMs 1 05^ to 1 054 are managed in their 
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specifications, versions, etc. by for example the EMD 
service center 1 02. If there is a desire formounting them 
by a home electric apparatus maker, they are licensed 
as a black box charging module for charging in units of 
content. For example, a home electric apparatus devel- 
oper/manufacturer cannot detemnine the specifications 
inside the ICs (integrated circuits) of the SAMs 105-, to 
1064. The EMD service center 102 standardizes the in- 
terfaces etc. of the related ICs. They are mounted in the 
network apparatus 160^ and the AV apparatuses leOg 
to 1 6O4 according to that. 

[0538] The SAMs 1 05^ to 1 0S^are hardware modules 
(IC modules etc.) having tamper resistance so that the 
processing contents thereof are completely sheltered 
from the outside, the processing contents cannot be 
monitored or tampered with from the outside, and the 
data stored inside in advance and the data being proc- 
essed cannot be monitored and tampered with from the 
outside. 

[0539] When the functions of the SAMs 1 05^ to 1 05^ 
are realized in the fonm of ICs, secret memories are pro- 
vided inside the ICs, and secret programs. and secret 
data are stored there. If the function of a SAM can be 
incorporated In any other portion of the apparatus not 
limited to the physical fomi of an IC, that portion can be 
defined as a SAM too. 

[0540] Below, a detailed explanation will be made of 
the function of the SAM 1 05^ . 

[0541 ] Note that the SAMs 1 062 to 1 064 have basical- 
ly the same functions as the SAM 105^. 
[0542] Figure 26 is a view of the configuration of the 
function of the SAM lOS^. 

[0543] Notethat,in Fig. 26, the flow of the data related 
the processing of inputting a secure container 1 04 from 
the content provider 1 01 and decrypting the.key file KF 
in the secure container 1 04 is shown. 
[0544] As shown in Fig. 26, the SAM 105^ has a mu- 
tual certification unit 170, encryption and/or decryption 
units 171, 172, and 173, a content provider manage- 
ment unit 1 80, an error correction unit 1 81 , a download 
memory management unit 182, a secure container de- 
cryption unit 183, a decryption and/or expansion module 
management unit 1 84, an EMD service center manage- 
ment unit 185, a usage monitor unit 186, a charge 
processing unit 187, a signature processing unit 189, a 
SAM management unit 1 90, a media SAM management 
unit 197, a stack (work) memory 200, and an external 
memory management unit 81 1 . 

[0545] Note that, the AV apparatuses 1 6O2 to 1 6O4 do 
not have the download memory 167, so the download 
memory management unit 182 does not exist in the 
SAM 1052 to 1054. 

[0546] Note that, the predetermined function of the 
SAM 105^ shown in Fig. 26 is realized by executing a 
secret program in for example a not illustrated CPU. 
[0547] Also, In the external memory 201 , after going 
through the following processing, as shown in Fig. 27, 
a usage log data 108 and a SAM registration list are 



stored. 

[0548] Here, the memory space of the external mem- 
ory 201 cannot be seen from the outside (for example 
a host CPU 810) of the SAM 105-,. Only the SAM 105^ 
5 can manage access with respect to the storage region 
of the external memory 201 . 

[0549] As the external memory 210, use is made of 
for example a flash memory or a ferro-electric memory 
(FeRAM). 

10 [0550] Also, as the stack memory 200, use Is made 
of for example a SARAM. As shown in Fig. 28, the se- 
cure container 1 04, content key data Kc, usage control 
policy data (UCP) 1 06, a lock key data Klqc of ^ storage 
unit 1 92, certificate data CERqp of the content provider 

15 101, usage control status data (UCS) 166, SAM pro- 
gram download containers SDC, to SDC3, etc. are pro- 
vided. 

[0551] Below, among the functions of the SAM 105^, 
the processing contents of the functional blocks when 

^0 the secure container 1 04 from the content provider 1 01 
is input will be explained by referring to Fig. 26. 
[0552] The mutual certification unit 1 70 performs mu- 
tual certification between the content provider 101 and 
the EMD service center 102 when the SAM 105^ trans- 

25 mlts and receives the data on-line between the content 
provider 101 and the EMD service center 1 02 to produce 
a session key data (common key) Ks^s snd outputs this 
to the encryption and/or decryption unit 171. The ses- 
sion key data Kg^g 'S newly produced with each mutual 

30 certification. 

[0553] The encryption and/or decryption unit 171 en- 
crypts and/or decrypts the data transmitted and re- 
ceived between the content provider 101 and the EMD 
service center 102 by using the session key data K^^s 

35 produced by the mutual certification unit 170. 

[0554] The error correction unit 1 81 corrects the error 
of the secure container 1 04 and outputs the same to the 
download memory management unit 182. 
[0555] Note that, it is also possible if the user home 

40 network 1 03 has a function for detecting whether or not 
the secure container 104 has been tampered with. 
[0556] In the presentembodiment.thecase where the 
error con-ection unit 181 was built in the SAM 105^ was 
exemplified, but it is also possible to impart the function 

45 of the error correction unit 1 81 to the outside of the SAM 
105^, for example, the host CPU 810. 
[0557] The download memory management unit 1 82 
performs the mutual certification between the mutual 
certification unit 170 and a media SAM 167a in a case 

50 where the download memory 167 has a media SAM 
167a having a mutual certification function as shown in 
Fig. 25, and then encrypts the secure container 1 04 after 
the error correction by using the session key data Kqes 
obtained by the mutual certification and writes the same 

55 into the download memory 1 67 shown in Fig. 25. As the 
download memory 167, use is made of for example a 
nonvolatile semiconductor memory such as memory 
stick. 
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[0558] Note that, as shown in Fig. 29, where a mem- 
ory not provided with a mutual certification function such 
as a HDD (hard disk drive) is used as a download mem- 
ory 211 , the inside of the download memory 211 is not 
secure, so the content file CF is downloaded on the 
download memory 211 , and a key file KF having a high 
secrecy is downloaded on for example the stack mem- 
ory 200 shown in Fig. 26. 

[0559] The secure container decryption unit 183 de- 
crypts the content key data Kc, usage control policy data 
106, and the SAM program download containers SDC^ 
to SDC3 in the key file KF stored in the secure container 
104 input from the download memory management unit 
182 by using distribution use key data KD^ to KD3 read 
out from the storage unit 192. 

[0560] The related decrypted content key data Kc, us- 
age control policy data 106. and the SAM program 
download containers SDC^ to SDC3 are written into the 
stack memory 200. 

[0561 ] The EMD service center management unit 1 85 
manages the communication with the EMD service 
center 1 02 shown in Fig. 1 . 

[0562] The signature processing unit 1 89 verifies the 
signature data in the secure container 104 by using a 
public key data K^scp of the EMD service center 102 
read out from the storage unit 192 and the public key 
data Kqpp of the content provider 101. 
[0563] The storage unit 1 92 stores, as the secret data 
which cannot be read out and rewritten from the outside 
of the SAM 1 05^, as shown in Fig. 30. a plurality of dis- 
tribution use key data KD^ to KD3 with expiration dates, 
SAM_IDs, user IDs, passwords, information reference 
use IDs, a SAM registration list, storage use key data 
KsTR. public key data Kr.ca.p of the route CA, public key 
data Kescp of ^^D service center 102, media key 
data K^^ED, public key data K^scp ^f service 
center 102, secret key data Ksami.s of the SAM lOS^, 
the certificate data CERsami storing public key data 
KsAMi.p of the SAM 105^ therein, signature data SIG22 
of the* certificate CEResq using the secret key data 
Kesc.s of the EMD service center 1 02, the original key 
data for the mutual certification with the decryption and/ 
or expansion module 163 (where the common key en- 
cryption method is employed), the original key data for 
the mutual certification with the media SAM (where the 
common key encryption method is employed), and cer- 
tificate data CER^^EDSAM of the media SAM (where the 
public key encryption method is employed). 
[0564] Also, in the storage unit 1 92, a secret program 
for realizing at least one part of the functions shown in 
Fig. 26 is stored. 

[0565] As the storage unit 192, use is made of for ex- 
ample a flash-EEPROM (electrically erasable program- 
mable RAM). 

[0566] Below, an explanation will be made of the flow 
of the processing in the SAM 1 05^ when storing the dis- 
tribution use key data KD-, to KD3 received from the 
EMD service center 102 in the storage unit 192 by re- 



ferring to Fig. 26. 

[0567] In this case, first, mutual certification is carried 
out between the mutual certification unit 170 and the 
mutual certification unit 150 shown in Fig. 23. 

5 [0568] Next, three months' worth of the distribution 
use key data to K3 encrypted by the session key data 
KsEs obtained by the related mutual certification and the 
signature data SIGkdi.esc toSIGKDs.ESC thereof are 
written from the EMD service center 102 via the EMD 

10 service center management unit 185 into the stack 
memory 811. 

[0569] Next, in the encryption and/or decryption unit 
1 71 , by using the session key data Kqes, the distribution 
use key data to K3 and the signature data SIG^dlesc 

15 toSlGKD3,ESC thereof are decrypted. 

[0570] Next, in the signature processing unit 189, af- 
ter the legitimacy of the signature data SIG^dlesc to 
SlGj^D3Esc stored In the stack memory 811 is con- 
firmed, the distribution use key data K^ to K3 are written 

20 into the storage unit 1 92. 

[0571] Below, an explanation will be made of the flow 
of the processing in the SAM 105^ receiving as input the 
secure container 1 04 provided by the content provider 
101 by referring to Fig. 26. 

25 [0572] Mutual certification is carried out between the 
mutual certification unit 170 of the SAM 105-, shown in 
Fig. 26 and the mutual certification unit 120 shown in 
Fig.3. 

[0573] The encryption and/or decryption unit 171 de- 
30 crypts the secure container 104 supplied from the con- 
tent provider 1 01 via the content provider management 
unit 180 by using the session key data Kses obtained 
by the related mutual certification. 
[0574] Next, the signature processing unit 1 89 verifies 
35 the signature data SIG^ esc shown in Fig. 5C and then 
verifies the legitimacy of the signature data SIGg Qp and 
SIG7 CP by using the public key data Kcp.p of the content 
provider 1 01 stored in the certificate data CERcp shown 
in Fig. 5C. 

40 [0575] At this time, when it is verified that the signa- 
ture data SlGg CP 'S legitimate, the legitimacy of the pro- 
ducer and the'transmitter of the content file CF is con- 
firmed. 

[0576] Also, when it is verified that the signature data 
45 SIG7 CP is legitimate, the legitimacy of the transmitter of 
the key file KF is confirmed. 

[0577] Also, the signature processing unit 1 89 verifies 
the legitimacy of the signature data SIG^^ esc ■'^the key 
file KF shown in Fig. 5B, that is, the legitimacy of the 
50 producer of the key file KF and whether or not the key 
file KF is registered in the EMD service center 102 by 
using the public key data K^scp ^^^^ o^t from the stor- 
age unit 192. 

[0578] The content provider management unit 180 
55 outputs the secure container 1 04 to the error connection 
unit 181 when the legitimacy of the signature data 
SlGg cp> SlGy cp. and SIGki.esc 's confirmed. 
[0579] The errorcorrection unit 181 perfonns the error 
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correction of the secure container 104 and then outputs 
the same to the download nriemory management unit 
182. 

[0580] The download memory management unit 1 82 
writes the secure container 1 04 Into the download mem- 
ory 167 after performing the mutual certification be- 
tween the mutual certification unit 170 and the media 
SAM 167a shown in Fig. 25. 

[0581] Next, the download memory management unit 
182 perfomns mutual certification between the mutual 
certification unit 170 and the media SAM 167a shown 
in Fig. 25 and then reads out the key file KF shown in 
Fig. SB stored in the secure container 104 from the 
download memory 1 67 and outputs the same to the se- 
cure container decryption unit 183. 
[0582] Then, in the secure container decryption unit 
1 83, by using the distribution use data KD^ to KD3 of the 
corresponding period input from the storage unit 192, 
the content key data Kc, usage control policy data 1 06, 
and the SAM program download containers SDC^ to 
SDC3 in the key file KF shown in Fig. SBare decrypted. 
[0583] Then, the decrypted content key data Kc, us- 
age control policy data 106, and the SAM program 
download containers SDC^ to SDC3 are written into the 
stack memory 200. 

[0584] Below, an explanation will be made of the 
processing contents of the functional blocks related to 
the processing of using and purchasing the content data 
C downloaded on the download memory 167 by refer- 
ring to Fig. 31. 

[0585] The usage monitor unit 186 reads out the us- 
age control policy data 1 06 and the usage control status 
data 166 from the stack memory 200 and monitors so 
that the purchase and/or usage of the content is carried 
out within a range pemnitted by the related read out us- 
age control policy data 1 06 and usage control status da- 
ta 165. 

[0586] Here, the usage control policy data 106 is 
stored in the KF after decryption and stored in the stack 
memory 200 as explained by using Fig. 26. 
[0587] Also, the usage control status data 166 is 
stored in the stack memory 200 when the purchase fonn 
is detemnined by the user as will be mentioned later 
[0588] The charge processing unit 1 87 produces the 
usage tog data 108 in response to an operation signal 
SI 65 from the purchase and/or usage fonn determina- 
tion operation unit 165 shown in Fig. 25. 
[0589] Here, the usage log data 1 08 describes the log 
of the purchase and usage forms of the secure container 
1 04 by the user as mentioned before and is used when 
performing settlement processing in accordance with 
the purchase of the secure container 1 04 and determin- 
ing the payment of the license fee in the EMD sen/ice 
center 102. 

[0590] Also, the charge processing unit 187 notifies 
the sales price or the suggested retailer's price data 
SRP read out from the stack memory 200 to the user 
according to need. 



[0591 ] Here, the sales price and the suggested retail- 
er's price data SRP have been stored in the usage con- 
trol policy data 106 of the key file KF shown in Fig. 5B 
stored in the stack memory 200 after decryption. 

5 [0592] The charge processing by the charge process- 
ing unit 187 is carried out based on the right content 
such as the usage permission condition indicated by the 
usage control policy data 1 06 and the usage control sta- 
tus data 166 under the monitoring of the usage monitor 

fo unit 1 86. Namely, the user purchases and uses the con- 
tent within the range according to the related right con- 
tent, etc. 

[0593] Also, the charge processing unit 1 87 produces 
the usage control status (UCS) data describing the pur- 
15 chase fonn of the content by the user and writes this into 
the stack memory 200. 

[0594] As the purchase fonn of the content, there are 
for example an outright purchase without restriction as 
to the reproduction by the purchaser and copying for the 

^0 usage of the related purchaser, a reproduction charge 
for charging with each reproduction, etc. 
[0595] Here, the usage control status data 1 66 is pro- 
duced when the user detemriines the purchase form of 
the content and is used for control so that the user uses 

25 the related content with in the range permitted by the re- 
lated determined purchase form Shereafter. In the us- 
age control status data 166, the ID of the content, the 
purchase form, the price in accordance with the related 
purchase fonn, the SAM_ID of the SAM with the pur- 

30 chase of the related content performed therefor, the 
USER_ID of the purchased user, etc. are described. 
[0596] Note that, where the detemnined purchase 
form is a reproduction charge, for example, the usage 
control status data 1 66 is transmitted from the SAM 1 05^ 

35 to the content provider 101 in real-time simultaneously 
with the purchase of the content data C, and the content 
provider 101 instructs the EMD service center 102 to 
obtain the usage log data 108 at the SAM 105^ within 
the predetermined period. 

40 [0597] Also, where the detennined purchase fonn is 
an outright purchase, for example, the usage control 
status data 1 66 is transmitted in real-time to both of the 
content provider 1 01 and the EMD service center 1 02. 
In this way, in the present embodiment, in both cases, 

45 the usage control status data 1 66 is transmitted in real- 
time to the content provider 1 01 . 

[0598] The EMD service center management unit 185 
transmits the usage log data 108 read out from the ex- 
ternal memory 201 via the external memory manage- 

50 ment unit 811 to the EMD service center 1 02. 

[0599] At this time, the EMD service center manage- 
ment unit 1 85 produces the signature data SIG200 sAivn 
of the usage log data 1 08 by using the secret key data 
*^SAivii,s signature processing unit 189 and trans- 

55 mits the signature data SIGgocsAivii together with the 
usage log data 108 to the EMD service center 102. 
[0600] The usage log data 1 08 can be transmitted to 
the EMD service center 1 02 in response to for example 
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a request from the EMD service center 102 or periodi- 
cally or can be transmitted when the amount of infomna- 
tion of the log information contained in the usage log 
data 108 becomes a predetennined amount or more 
too. The related amount of information is determined in 
accordance with for example the storage capacity of the 
external memory 201 . 

[0601] The download memory management unit 1 82 
outputs the content data C read out from the download 
memory 167, content key data Kc read out from the 
stack memory 200, and the user watermark use data 
196 input from the charge processing unit 187 to the de- 
cryption and/or expansion module management unit 
1 84 in the case where for example a reproduction oper- 
ation of the content is carried out in response to the op- 
eration signal S1 65 from the purchase form determina- 
tion operation unit 165 shown in Fig. 25. 
[0602] Also, the decryption and/or expansion module 
management unit 184 outputs the content file CF read 
out from the download memory 1 67 and the content key 
data Kc and a half disclosure parameter data 199 read 
out from the stack memory 200 to the decryption and/or 
expansion module management unit 184 when a demo 
operation of the content is carried out in response to the 
operation signal SI 65 from the purchase form determi- 
nation operation unit 165 shown in Fig. 25. 
[0603] Here, the half disclosure parameter data 199 
is described in the usage control policy data 106 and 
indicates the handling of the content in the demo mode. 
In the decryption and/or expansion module 163, it be- 
comes possible to reproduce the encrypted content data 
C in the half disclosure state based on the half disclo- 
sure parameter data 1 99. As the procedure of the half 
disclosure, there is for example a procedure of desig- 
nating the blocks to be decrypted and the blocks not to 
be decrypted by using the content key data Kc, limiting 
the reproduction function at the demo or limiting a demo 
enable period by the half disclosure parameter data 1 99 
by utilizing the fact that the decryption and/or expansion 
module 1 63 processes the data (signal) in units of pre- 
detemnined blocks. 

[0604] Below, an explanation will be made of the flow 
of the processing in the SAM 105i. 
[0605] First, an explanation will be made of the flow 
of the processing up to when the purchase form of the 
secure container 104 downloaded on the download 
memory 167 from the content provider 101 Is deter- 
mined by referring to Fig. 31 . 

[0606] When the operation signal 81 65 indicating the 
demo mode is output to the charge processing unit 1 87 
by the operation of the purchase and/or usage fonri de- 
termination operation unit 165 shown in Fig. 25 by the 
user, for example, the content file CFstored in the down- 
load memory 1 67 is output via the decryption and/or ex- 
pansion module management unit 1 84 to the decryption 
and/or expansion module 163 shown in Fig. 25. 
[0607] At this time, for the content file CF, mutual cer- 
tification between the mutual certification unit 170 and 



the media SAM 167a, encryption and/or decryption by 
the session key data Kses- mutual certification between 
the mutual certification unit 170 and the mutual certifi- 
cation unit 220, and encryption and/or decryption by the 

5 session key data Kqes carried out 

[0608] The content file CF is decrypted by using the 
session key data Kges at the decryption unit 221 shown 
in Fig. 25, and then output to the decryption unit 222. 
[0609] Also, the content key data Kc and the half dis- 

10 closure parameter data 199 read out from the stack 
memory 200 are output to the decryption and/or expan- 
sion module 163 shown in Fig. 25. At this time, afterthe 
mutual certification between the mutual certification unit 
170 andthemutual certification unit 220, encryption and 

15 decryption by the session key data Kses carried out 
with respect to the content key data Kc and the half dis- 
closure parameter data 1 99. 

[0610] Next, the decrypted half disclosure parameter 
data 1 99 is output to the half disclosure processing unit 
20 225. Under the control of the half disclosure processing 
unit 225, the decryption of the content data C using the 
content key data Kc by the decryption unit 222 is carried 
out in half disclosure. 

[0611] Next, the content data C decrypted in half dis- 
25 closure is expanded at the expansion unit 223 and then 
output to the electronic watennark information process- 
ing unit 224. 

[0612] Next, the user watemnark use data 196 is bur- 
ied in the content data C in the electronic watemnark in- 

30 fonnation processing unit 224, and then the content data 
C is reproduced at the reproduction module 169, and 
sound in accordance with the content data C is output. 
[0613] Then, when the user trying out the content de- 
temnines the purchase form by operating the purchase 

35 and/or usage form determination operation unit 1 65, the 
operation signal S1 65 indicating the related determined 
purchase form is output to the charge processing unit 
187. 

[0614] Then, in the charge processing unit 187, the 

40 usage log data 1 08 and the usage control status data 
166 in accordance with the detemnined purchase form 
are produced, the usage log data 1 08 is written into the 
external memory 201 via the external memory manage- 
ment unit 81 1 , and, at the same time, the usage control 

45 status data 1 66 is written into the stack memory 200. 
[0615] Thereafter, in the usage monitor unit 1 86, con- 
trol (monitoring) is carried out so that the content data 
is purchased and used within the range permitted by the 
usage control status data 1 66. 

50 [0616] Then, a new key file KF^ shown in Fig. 34C 
mentioned later is produced, and the related produced 
key file KF^ is stored in the download memory 167 via 
the download memory management unit 1 82. 
[0617] As shown in Fig. 34C, the usage control status 

55 data 166 stored in the key file KF-, is sequentially en- 
crypted by using the storage key data Kstr the me- 
dia key data K^^^d utilizing the CBC mode of the DES. 
[0618] Here, the storage use key data Kstr 's data 
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determined in accordance with the type of apparatus, 
for example, a SACD (Super Audio Compact Disc), a 
DVD (Digital Versatile Disc) apparatus, CD-R appara- 
tus, and MD (Mini Disc) apparatus and is used for es- 
tablishing one-to-one correspondence between the 
types of the apparatuses and the types of the storage 
media. Also, the media key data K^ed 's data unique to 
the storage medium. 

[0619] Also, in the signature processing unit 189, a 
hash value H^^ of the key file KF^ is produced by using 
the secret key data Kqami.s of the SAM 105^, and the 
related produced hash value H^^ is written into the stack 
memory 200 in correspondence to the key file KF^ . The 
hash value Hki is used for verifying the legitimacy of the 
producer of the key file KF^ and whether or not the key 
file KF^ was tampered with. 

[0620] Next, the flow of the processing where the con- 
tent data C with the purchase form already determined 
therefor stored in the download memory 1 67 will be ex- 
plained by referring to Fig. 31 . 

[0621] In this case, under the monitoring of the usage 
monitor unit 186, based on the operation signal SI 65, 
the content file CF stored in the download memory 1 67 
is output to the decryption and/or expansion module 1 63 
shown in Fig. 31 . At this time, mutual certification is car- 
ried out between the mutual certification unit 1 70 shown 
in Fig. 3 1 and the mutual certification unit 220 of the de- 
cr/ption and/or expansion module 1 63 shown in Fig. 25. 
[0622] Also, the content key data Kc read out from the 
stack memory 200 is output to the decryption and/or ex- 
pansion module 163. 

[0623] Then, in the decryption unit 222 of the decryp- 
tion and/or expansion module 163, the decryption of the 
content file CF using the content key data Kc and the 
expansion processing by an expansion unit 223 are car- 
ried out, and in the reproduction module 1 69, thecontent 
data C is reproduced. 

[0624] At this time, by the charge processing unit 1 87, 
the usage log data 108 stored in the external memory 
201 is updated in accordance with the operation signal 
SI 65. 

[0625] The usage log data 108 is read out from the 
extemal memory 201, and then, after passing through 
the mutual certification, transmitted via the EMD sen/ice 
center management unit 1 85 together with the signature 
data SIGgoo.sAMi to the EMD service center 1 02. 
[0626] Next, as shown in Fig. 32, the flow of the 
processing in the SAM 1 05^ in a case where for exam- 
ple, after the purchase forni of the content fileCF down- 
loaded on the download memory 1 67 of the network ap- 
paratus 160^ is detennined as mentioned above, a new 
secure container 1 04x storing the related content file CF 
is produced, and the secure container 104x is trans- 
ferred via the bus 1 91 to the SAM 1 05^ of the AV appa- 
ratus I6O2 will be explained by referring to Fig. 33. 
[0527] The user operates the purchase and/or usage 
form determination operation unit 165 and instructs the 
transfer of the predetemnined content stored in the 



download memory 167 to the AV apparatus leOg. and 
the operation signal SI 65 in accordance with the related 
operation is output to the charge processing unit 187. 
[0628] By this, the charge processing unit 187 up- 

5 dates the usage log data 108 stored in the extemal 
memory 201 based on the operation signal SI 65. 
[0629] Also, the charge processing unit 1 87 transmits 
the usage control status data 1 66 indicating the related 
detennined purchase fonn via the EMD service center 

^0 management unit 185 to the EMD service center 102 
whenever the purchase fomn of the content data is de- 
tennined. 

[0630] Also, the download memory management unit 
182 outputs the content file CF and the signature data 
15 SIGq^cp thereof shown in Fig. 5A, the key file KF and 
the signature data SIGy ^p thereof, and the key file KF^ 
and the hash value H^i thereof read out from the down- 
load memory 1 67 to the SAM management unit 1 90. At 
this time, the mutual certification between the mutual 
^0 certification unit 170 of the SAM 105^ and the media 
SAM 1 67a and the encryption and/or decryption by the 
session key data Kg^s are carried out. 
[0631] Also, the signature processing unit 1 89 obtains 
the hash value of the content file C F, produces signatu re 
^5 data SIG41 SAM1 by using the secret key data Kqami ,s. 
and outputs this to the SAM management unit 1 90. 
[0632] Also, the signature processing unit 1 89 obtains 
the hash value of the key file KF^, produces signature 
data SIG42 SAM1 by using the secret key data Kq^^^^ 3, 
30 and outputs this to the SAM management unit 1 90, 
[0633] Also, the SAM management unit 1 90 reads out 
the certificate data CERcp and the signature data 
SIGi,Esc thereof and the certificate data CERqami and 
the signature data SIGgg^nsc thereof shown in Fig. 34D 
55 • from the storage unit 1 92. 

[0634] Also, the mutual certification unit 170 outputs 
the session key data Kqes obtained by perfonming the 
mutual certification with the SAM 1 0Sg to the encryption 
and/or decryption unit 1 71 . 
40 [0635] The SAM management unit 190 produces a 
new secure container 1 04x comprised of the data shown 
in Figs. 34A, 34B, 34.C, and 34D, encrypts the secure 
container 104x in the encryption and/or decryption unit 
171 by using the session key data Kqes* and then out- 
^5 puts the same to the SAM 1052 of the AV apparatus I6O2 
shown in Fig. 32. 

[0636] At this time, in parallel to the mutual certifica- 
tion between the SAM 105^ and the SAM 1055, mutual 
certification of the bus 191 serving as the IEEE1394se- 

50 rial bus is carried out. 

[0637] Below, as shown in Fig. 32, the flow of the 
processing in the SAM 1052 when writing the secure 
container 1 04x input from the SAM 1 05^ into the storage 
medium I3O4 of a RAM type or the like will be explained 

55 by referring to Fig. 35. 

[0638] Here, the RAM type storage medium I3O4 has 
for exaniple an unsecure RAM region 134, a media SAM 
133. and a secure RAM region 132. 
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[0639] In this case, the SAM management unit 190 of 
the SAM 1052 receives as input the secure container 
1 04x from the SAM 1 05^ of the network apparatus 160^ 
as shown In Fig. 32 and Fig. 35. 
[0640] Then, in the encryption and/or decryption unit 
1 71 , the secure container 1 04x input via the SAM man- 
agement unit 190 is decrypted by using the session key 
data KsEs obtained by the mutual certification between 
the mutual certification unit 1 70 and the mutual certifi- 
cation unit 170 of the SAM 105^. 
[0641] Next, in the signature processing unit 189, the 
legitimacy of the signature data SIGg cp 's verified by 
using the public key data K^pp, and the legitimacy of 
the producer of the content file CF is confimned. Also, in 
the signature processing unit 1 89, the legitimacy of the 
signature data SIG4^ ,sami verified by using the public 
key data Ksami,p, and the legitimacy of the transmitter 
of the content file CF is confimned. 
[0642] Then, after it is confirmed that the producer 
and the transmitter of the content file CF are legitimate, 
the content file CF is output from the SAM management 
unit 1 90 to a storage module management unit 855, and 
the content file CF is written into the RAM region 134 of 
the RAM type storage medium I3O4 shown in Fig. 32. 
[0643] Also, the key file KF and the signature data 
SIG7 Qp and SIG42SAM1 thereof, the key file KF-, and the 
hash value Kj^-, thereof, the certificate data CER^p and 
the signature data SIG-i thereof, and the certificate 
data CERsAMi ^^id the signature data SIG22,esc thereof 
decrypted by using the session key data Kg^g ^^e writ- 
ten into the stack memory 200. 

[0644] Next, the signature processing unit 1 89 verifies 
the signature data SIG22.ESC read out from the stack 
memory 200 by using the public key data K^scp ""^^^ 
out from the storage unit 1 92 and confirms the legitima- 
cy of the certificate data CERsami* 
[0645] Then, the signature processing unit 189 veri- 
fies the legitimacy of the signature data SIG42,sami 
stored in the stack memory 200 by using the public key 
data KsAMi,p stored in the certificate data CERsami 
when confirming the legitimacy of the certificate data 
CER3AMI. Then, when it is verified that the signature 
data SIG42 SAM1 '® legitimate, the legitimacy of the key 
file KF is confirmed. 

[0646] Also, the signature processing unit 1 89 verifies 
the signature data SIG^ read out from the stack 
memory 200 by using the public key data K^sQp read 
out from the storage unit 1 92 and confirms the legitima- 
cy of the certificate data CERqp- 

[0647] Then, the signature processing unit 189 veri- 
fies the legitimacy of the signature data SIG7 SAMI 
stored in the stack memory 200 by using the public key 
data Kcpp stored in the certificate data CER^p when 
confirming the legitimacy of the certificate data CER^p. 
Then, when it is verified that the signature data 
S'^7,SAM1 legitimate, the legitimacy of the producer 
of the key file KF is confirmed. 

[0648] When it is confirmed that the producer and the 



transmitter of the key file KF are legitimate, the key file 
KF is read out from the stack memory 200 and written 
into thesecure RAM region 132 of the RAM type storage 
medium I3O4 shown in Fig. 34 via the storage module 

5 management unit 855. 

[0649] Also, the signature processing unit 1 89 verifies 
the legitimacy of the hash value Hki by using the public 
key data Kqami.p ^rid confirms the legitimacy of the pro- 
ducer and transmitter of the key file KF-, . 

10 [0650] Then, when the legitimacy of the producer and 
the transmitter of the key file KF^ is confimned, the key 
file KF^ shown in Fig. 34C is read out from the stack 
memory 200 and output to the encryption and/or decryp- 
tion unit 173. 

15 [0651] Note that, in the related example, the case 
where the producer and the transmitter of the key file 
KF^ were the same was mentioned, but where the pro- 
ducer and the transmitter of the key file KF., are different, 
the signature data of the producer and the signature da- 
20 taof the transmitter are produced with respect to the key 
file KF^, and the legitimacy of the both signature data is 
verified in the signature processing unit 189. 
[0652] Then, the encryption and/or decryption unit 
173 encrypts the content key data Kc and the usage 
25 control status data 166 in the key file KF^ by sequentially 
using the storage use key data Kstr: nnedia key data 
^MED' t*^® purchaser key data Kpi^g read out from 
the storage unit 192 and outputs the same to the storage 
module management unit 855. 
30 [0653] Then, by the storage module management unit 
855, the encrypted key file KF^ is stored in the secure 
RAM region 132 of the RAM type storage medium 13O4. 
[0654] Note that, the media key data K^ed 's stored 
in the storage unit 192 in advance by the mutual certifi- 
es cation between the mutual certification unit 170 shown 
in Fig. 33 and the media SAM 1 33 of the RAM type stor- 
age medium 13O4 shown in Fig. 32. 
[0655] Here, the storage use key data Kstr is data 
determined in accordance with the type of apparatus 
40 (AV apparatus 1 6O2 in the related example) of for exam- 
ple the SACD (Super Audio Compact Disc), DVD (Dig- 
ital Versatile Disc) apparatus, CD-R apparatus, and MD 
(Mini Disc) apparatus and is used for establishing one- 
to-one correspondence between the types of the appa- 
ls ratuses and the types of the storage media. Note that, 
the physical structures of the disc media are the same 
between SACD and DVD, so there is a case where the 
recording and/or reproduction of the storage medium of 
an SACD can be carried out by using a DVD apparatus. 
50 The storage use key data Ksjr performs the function of 
preventing illegitimate copies in such a case. 
[0656] Note that, in the present embodiment, it is also 
possible not to encrypt using the storage use key data 

^STR- 

55 [0657] Also, the media key data K^ed *^^ta unique 
to the storage medium (RAM type storage medium 1 3O4 
in the related example). 

[0658] The media key data K^^^q is stored in the stor- 
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age medium (RAM type storage medium 130^ shown in 
Fig. 32 in the related example). It is preferred from the 
viewpoint of the security that encryption and the decryp- 
tion using the media key data Kp^Eo ^® carried out in the 
media SAM of the storage medium. At this time, the me- 
dia key data K^ed stored in the related media SAM 
where the media SAM Is mounted in the storage medi- 
um, while is stored in for example a region out of man- 
agement of the host CPU 810 in the RAM region where 
the media SAM is not mounted in the storage medium. 
[0S59] Note that, it is also possible to perfonn the mu- 
tual certification between the apparatus side SAM (SAM 
1 052 the related example) and the media SAM (media 
SAM 1 33 in the related example), transfer the media key 
data K[^ED via the secure communication route to the 
apparatus side SAM, and perfonn the encryption and 
decryption using the media key data K^^eq appa- 
ratus side SAM as in the present embodiment. 
[0660] In the present embodiment, the storage use 
key data Kstr and the media key data K^ed used 
for protecting the security of the level of the physical lay- 
er of the storage medium. 

[0661] Also, the purchaser key data Kp,fj is data indi- 
cating the purchaser of the content file CF and is allo- 
cated by the EMD service center 1 02 to the related pur- 
chased user when for example the content is purchased 
by outright purchase. The purchaser key data Kp,N is 
managed in the EMD service center 102. 
[0662] Also, in the above embodiment, the case 
where the key f iles KF and KF^ were stored in the secure 
RAM region 132 of the RAM type storage medium I3O4. 
by using the storage module 260 was exemplified, but 
as indicated by a dotted line in Fig. 32, it is also possible 
to store the key files KF and KF^ in the media SAM 1 33 
from the SAM 1 0Sg. 

[0663] Next, the flow of the processing when deter- 
mining the purchase form in the AV apparatus ISOg 
where the user home network 303 is distributed the 
ROM type storage medium 130^ shown in Fig. 12 with 
the purchase fonn of the content undetemnined therefor 
off-line will be explained by referring to Fig. 36 and Fig. 
37. 

[0664] The SAM lOSg of the AV apparatus IGOg first 
performs the mutual certification between the mutual 
certification unit 170 shown in Fig. 37 and the media 
SAM 133 of the ROM type storage medium 130^ shown 
in Fig. 12, and then receives as input the media key data 
K^ED f'*^'^ media SAM 133. 

[0665] Note that, where the SAM 1 0Sg holds the me- 
dia key data K|^ed advance, it is also possible if the 
related input is not carried out. 

[0666] Next, the key file KF and the signature data 
SIG7 CP thereof and the certificate data CER^p and the 
signature data SIG-, ^sc thereof shown in Figs. 5B and 
5C stored in the secure container 104 stored in the se- 
cure RAM region 1 32 of the ROM type storage medium 
1 30^ are input via the media SAM management unit 1 97 
or not illustrated read out module management unit and 



are written into the stack memory 200. 
[0667] Next, in the signature processing unit 189, af- 
ter the legitimacy of the signature data SIG^ esc con- 
fimned, the public key data Kcp^p is extracted from the 
5 certificate data CER^p. and by using this public key data 
Kqpp, the legitimacy of the signature data SIG7 cp, that 
is, the legitimacy of the transmitter of the key file KF is 
verified. 

[0668] Also, in the signature processing unit 189, by 
10 using the public key data Kesc,p ^^^^ out from the stor- 
age unit 192, the legitimacy of the signature data 
SiG^^^ESc stored in the key file KF, that is, the legitimacy 
of the producer of the key file KF, is verified. 
[0669] When the legitimacy of the signature data 
^5 SIG7CP and SIGki^esc 's confirmed in the signature 
processing unit 189, the key file KF is read out from the 
stack memory 200 to the secure container decryption 
unit 183. 

[0670] Next, in the secure container decryption unit 

20 1 83, by using the distribution use data KD^ to KD3 of the 
corresponding period, the content key data Kc, usage 
control policy data 1 06, and the SAM program download 
containers SDC^ to SDC3 stored in the key file KF are 
decrypted and are written into the stack memory 200. 

25 [0671 ] Next, afterthe mutual certification between the 
mutual certification unit 170 shown in Fig. 37 and the 
decryption and/or expansion module 163 shown in Fig. 
36, the decryption and/or expansion module manage- 
ment unit 184 of the SAM lOSg outputs the content key 

30 data Kc stored in the stack memory 200 and the half 
disclosure parameter data 1 99 stored in the usage con- 
trol policy data 1 06 and the content data C stored in the 
content file CF read out from the ROM region 131 of the 
ROM type storage medium 130-, to the decryption and/ 

35 or expansion module 1 63 shown in Fig. 36. Next, in the 
decryption and/or expansion module 163, the content 
data 0 is decrypted in the half disclosure mode by using 
the content key data Kc and then expanded and output 
to a reproduction module 270. Then, in the reproduction 

40 module 270, the content data G from the decryption and/ 
or expansion module 163 is reproduced. 
[0672] Next, the purchase fonn of the content is de- 
tennined by the purchase operation of the purchase 
form detennination operation unit 165 shown in Fig. 36 

45 bytheuser, and the operation signal S165 indicatingthe 
related determined purchase form is input to the charge 
processing unit 187. 

[0673] Next, the charge processing unit 1 87 produces 
the usage control status data 1 66 in response to the op- 
50 eration signal SI 65 and writes this into the stack mem- 
ory 200. 

[0674] Next, the content key data Kc and the usage 
control status data 1 66 are output from the stack mem- 
ory 200 to the encryption and/or decryption unit 173. 
55 [0675] Next, the encryption and/or decryption unit 1 73 
sequentially encrypts the content key data Kc and the 
usage control status data 1 66 input from the stack mem- 
ory 200 by using the storage use key data Kstr, the me- 
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dia key data K^^ed- purchaser key data Kp,f^ read 

out from the storage unit 192 and writes them into the 
stack memory 200. 

[0676] Next, in the media SAM management unit 1 97, 
the key file KF^ shown in Fig. 34C is produced by using 
the encrypted content key data Kc, the usage control 
status data 166 and the SAM program download con- 
tainers SDC^ to SDC3 read out from the stack memory 
200. 

[0677] Also, in the signature processing unit 189, the 
hash value H^i of the key file KF^ shown in Fig. Figure 
C is produced, and the related hash value is output 
to the media SAW\ management unit 1 97. 
[0678] Next, after the mutual certification between the 
mutual certification unit 170 shown in Fig. 37 and the 
media SAM 133 shown in Fig. 36, the media SAM man- 
agement unit 197 writes the key file KF^ and the hash 
value into the secure RAM region 132 of the ROM 
type storage medium 130^ via a storage module 271 
shown in Fig. 36. 

[0679] By this, the ROM type storage medium 130^ 
with the purchase form determined therefor is obtained. 
[0680] At this time, the usage control status data 1 66 
and the usage log data 1 08 produced by the charge 
processing unit 1 87 are read out from the stack memory 
200 and the external memory 201 at the predetermined 
timing and transmitted to the EMD service center 102. 
[0681 ] Note that, where the key file KF is stored in the 
media SAM 1 33 of the ROM type storage medium 1 30^, 
as indicated by the dotted line in Fig. 36, the SAM 1052 
receives as input the key file KF from the media SAM 
133. Also, in this case, the SAM lOSa writes the pro- 
duced key file KF^ into the media SAM 133. 
[0682] Below, as shown in Fig. 38, the flow of the 
processing when the secure container 104 is read out 
from the ROM type storage medium 130^ with the pur- 
chase form undetermined therefor in the AV apparatus 
I6O3 to produce a new secure container 104y, this is 
transferred to the AV apparatus 1 6O2, the purchase form 
is determined in the AV apparatus 1 6O2, and this is writ- 
ten Into a RAM type storage medium 13O5 will be ex- 
plained by referring to Fig. 39 and Fig. 40. 
[0683] Note that, the transfer of the secure container 
104 from the ROM type storage medium 130^ to the 
RAM type storage medium 13O5 can be carried out be- 
tween the network apparatus 160^ shown in Fig. 1 and 
any of the AV apparatuses 1 60^ to 1 6O4 shown in Fig. 1 . 
[0684] First, mutual certification is carried out be- 
tween the SAM 1 063 of the AV apparatus 1 6O3 and the 
media SAM 1 33 of the ROM type storage medium 1 30^ , 
and media key data K^edi of the ROM type storage me- 
dium 130^ is transferred to the SAM lOSg. 
[0685] Also, mutual certification is carried out be- 
tween the SAM 1 0Sg of the AV apparatus 1 6O2 and the 
media SAM 133 of the RAM type storage medium I3O5, 
and media key data Kmed2 of f^e RAM type storage me- 
dium I3O5 is transferred to the SAM 1052- 
[0686] Note that, where encryption using the media 



key data K|^edi *^med2 carried out in the media 
SAM 133 and the media SAM 133, the transfer of the 
media key data K^edi and Kmed2 is not carried out. 
[0687] Next, the SAM 1063 outputs the content file OF 

5 and the signature data SIGg^cp thereof shown in Fig. 5A 
read out from the ROM region 1 31 of the ROM type stor- 
age medium 1 30^ , the key file KF and the signature data 
SiGy CP thereof shown in Figs. 5B and 50 read out from 
the secure RAM region 132, and the certificate data 

10 CERqp and the signature data SIG^ esc thereof to the 
encryption and/or decryption unit 171 via the media 
SAM management unit 197 or not illustrated read out 
module management unit as shown in Fig. 39. 
[0688] Also, the content file OF and the key file KF are 

15 output from the media SAM management unit 197 to the 
signature processing unit 1 89. 

[0689] Then, in the signature processing unit 1 89, the 
hash values of the content file OF and the key file KF 
are obtained, signature data SIGssq^sams 
20 SIG352^sAM3 produced by using secret key data 
KsAM3,S' t*^^y output to the encryption and/or 
decryption unit 171 . 

[0690] Also, the certificate data CERqams the sig- 
nature data SIG351 ESC thereof are read out from the 
25 storage unit 1 92 and output to the encryption and/or de- 
cryption unit 171 . 

[0691] Then, the secure container 104y shown in Fig. 
40 is encrypted by using the session key data Kqes 
tained by mutual certification between the SAM lOSg 

30 and lOSg in the encryption and/or decryption unit 171 
and then output via the SAM management unit 190 to 
the SAM 1052 of the AV apparatus 160^. 
[0692] in the SAM 1 052, as shown in Fig. 41 , the se- 
cure container 1 04y shown in Fig. 40 inputfrom the SAM 

35 1053 via the SAM management unit 1 90 is decrypted in 
the encryption and/or decryption unit 171 by using the 
session key data Kqes. then the legitimacy of the 
signature data SIGqcp and SIGssq^sams stored in the 
secure container 1 04y, that is, the legitimacy of the pro- 

40 ducer and the transmitter of the content file OF is con- 
firmed. 

[0693] Then, after it is confirmed that the producer 
and the transmitter of the content file OF are legitimate, 
the content file OF is written into the RAM region 134 of 
45 the RAM type storage medium 1 3O5 via the media SAM 
management unit 197. 

[0694] Also, after the key file KF and the signature da- 
ta SIG7 Qp and SIG350 SAM3 thereof and certificate data 
CERsAM3 the signature data StGss^ ESct*^©reof in- 

50 put from the SAM IO53 via the SAM management unit 
1 90 are written Into the stack memory 200, they are de- 
crypted in the encryption and/or decryption unit 171 by 
using the session key data Kqes- 
[0695] Next, the related decrypted signature data 

55 SIG35-, ESC verified in the signature processing unit 
189. When the legitimacy of the certificate data 
CERqams confirmed, by using the public key data 
K3AM3 stored in the certificate data CERqamS' the legit- 
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imacy of the signature data SIGy ^p and SlGggg g^i^g. 
that is, the legitimacy of the producer and thetransnmitter 
of the key file KF is confimned. 

[0696] Then, when the legitimacy of the producer and 
the transmitter of the key file KF is confirmed, the key 
file KF is read out from the stack memory 200 and output 
to the secure container decryption unit 183. 
[0697] Next, the secure container decryption unit 1 83 
decrypts the key file KF by using the distribution use da- 
ta KD^ to KD3 of the corresponding period and writes 
the related decrypted key file KF into the stack memory 
200. 

[0698] Next, the usage control policy data 1 06 stored 
in the already decrypted key file KF stored in the stack 
memory 200 is outputto the usage monitor unit 1 86. The 
usage monitor unit 1 86 manages the purchase form and 
usage fomri of the content based on the usage control 
policy data 106. 

[0699] Next, for example, when the demo mode is se- 
lected by the user, the content data C of the content file 
CF already decrypted by the session key data K3E3, the 
content key data Kc stored in the stack memory 200, the 
half disclosure parameter data 199 obtained from the 
usage control policy data 1 06, and the user watermark 
use data 196 are output via the decryption and/or ex- 
pansion module management unit 1 84 shown in Fig, 38 
to the reproduction module 270 after passing through 
mutual certification. Then, in the reproduction module 
270, the reproduction of the content data C correspond- 
ing to the demo mode is carried out. 
[0700] Next, the purchase and/or usage form of the 
content is detemiined by the operation of the purchase 
and/or usage form determination operation unit 165 
shown in Fig. 38 by the user, and the operation signal 
SI 65 in accordance with the related determination is 
output to the charge processing unit 1 87. 
[0701] Then, in the charge processing unit 187, the 
usage control status data 166 and the usage log data 
1 08 are produced in accordance with the determined 
purchase and/or usage fomn and are written into the 
stack memory 200 and the external memory 201 . 
[0702] Next, the content key data Kc and the usage 
control status data 1 66 are read out from the stack mem- 
ory 200 to the encryption and/or decryption un it 1 73, se- 
quentially encrypted in the encryption and/or decryption 
unit 1 73 by using the storage use key data Kg-pR, media 
key data Kj^^pg- purchaser key data Kp,^ read 

out from the storage unit 1 92, and output to the storage 
module management unit 855. Then, for example, in the 
storage module management unit 855, the key file KF^ 
shown in Fig. 34C is produced, and the key file KF^ is 
written into the media SAM 133 of the RAM type storage 
medium 1 3O5 via the media SAM management unit 1 97. 
[0703] Also, the content file CF stored in the secure 
container 1 04y is written into the RAM region 1 34 of the 
RAM type storage medium 1 305 by the storage module 
management unit 855. 

[0704] Also, the usage control status data 1 66 and the 



usage log data 108 are transmitted to the EMD service 
center 102 at the predetemnined timing. 
[0705] Below, an explanation will be made of the 
method of realization of the SAMs 105^ to IO54. 

5 [0706] Where the functions of the SAMs 1 05^ to 1 064 
are realized as hardware, by using an ASIC type CPU 
including a memory, data having a high degree of se- 
crecy such as a security functional module for realizing 
the functions shown in Fig. 26, program module for per- 

10 fomning the rights clearing of the content, and the key 
data are stored in that memory. One series of rights 
clearing use program modules such as an encryption 
library module (public key code, common key code, ran- 
dom number generator, hash function), program module 

^5 for the usage control of the content, and the program 
module of the charge processing are mounted as for ex- 
ample software. 

[0707] For example, a module such as the encryption 
and/or decryption unit 171 shown in Fig. 26 is mounted 

20 as an IP core in the ASIC type CPU as hardware due to 
the problem of for example processing speed. Depend- 
ing on the clock speed or perfomnance of the CPU code 
system etc., it is also possible to mount the encryption 
and/or decryption unit 171 as software. 

25 [0708] Also, as the storage unit 192 shown in Fig. 26, 
the program module for realizing the functions shown in 
Fig. 26, and the memory for storing the data, use is 
made offer example a nonvolatile memory (flash-ROM), 
while as the working memory, a high speed writable 

30 memory such as an SRAM is used. Note that, otherthan 
them, as the memory included in the SAMs 1 05-, to 1 064, 
it is also possible to use a ferroelectric memory (FeR- 
AM). 

[0709] Also, in the SAMs 1 05^ to 1 064, other than the 

35 above, a clock function used for the verification of the 
date in the expiration date and the contract period etc. 
for the usage of the content is included. 
[0710] As mentioned above, the SAMs 105^ to 1064 
have tamper resistance sheltering the program module, 

40 data, and the processing content from the outside. In 
order to prevent the program and content of data having 
high secrecy stored in the memory inside the IC of the 
related SAM and values of the register group related to 
the system configuration of the SAM and the encryption 

45 library and the register group of the clock from being 
read out and newly written via the bus of the host CPU 
of the apparatuses with the SAMs 105^ to 1064 mounted 
thereon, that is, in order to prevent the host CPU of the 
mounted apparatus from not existing in the allocated ad- 

50 dress space, an address space not seen from the host 
CPU on the mounted apparatus side is set up in the re- 
lated SAM by using an MMU (memory management 
unit) for managing the memory space on the CPU side. 
[0711] Also, the SAMs 105., to IO54 have structures 

55 durable against physical attack from the outside such 
as X-rays or heat and further have structures such that, 
even if real-time debugging (reverse engineering) using 
a debug use tool (hardware ICE or software ICE) or the 
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like is carried out, the processing content thereof cannot 
be seen or the debug use tool per se cannot be used 
after the manufacture of the IC. 

[071 2] The SAMs 1 05^ to 1 064 per se are usual ASIC 
type CPUs including mennories in the hardware struc- 
ture. Their functions depend on the software for operat- 
ing the related CPU, but are different from the general 
ASIC type CPU in the point that they have a hardware 
structure of the encryption function and tamper resist- 
ance. 

[0713] Where all of the functions of the SAMs 105^ to 
1064 are realized by software, there are cases where 
the software processing is carried out by enclosing the 
same inside a module having the tamper resistance and 
cases where they are achieved by software processing 
on the host CPU mounted on the usual set and steps 
are taken so that decipherment becomes impossible at 
only the related processing. The fonmer is the same as 
the case where an encryption library module is stored 
in the memory as not the IP core, but the usual software 
module, and can be considered similar to the case 
where the functions are realized as the hardware. On 
the other hand, the latter is referred to as tamper resist- 
ant software. Even if the execution situation is deci- 
phered by the ICE (debugger), the execution sequence 
of the tasks is scattered (in this case, tasks are divided 
so that the a divided task has a meaning as a program, 
that is, no influence will be exerted upon the lines before 
and after that), and the tasks per se are encrypted, so 
one type of secure processing can be realized similar to 
a task scheduler (MIniOS). The related task scheduler 
is buried in the target program. 

[0714] Next, an explanation will be made of the de- 
cryption and/or expansion module 1 63 shown in Fig. 25. 
[071 5] As shown in Fig. 25, the decryption and/or ex- 
pansion module 163 has the mutual certification unit 
220, decryption unit 221 , decryption unit 222, expansion 
unit 223, electronic watermark information processing 
unit 224, and the half disclosure processing unit 225. 
[071 6] The mutual certification unit 220 performs the 
mutual certification with the mutual certification unit 1 70 
shown in Fig. 32 when the decryption and/or expansion 
module 1 63 receives as its input the data from the SAM 
105i and produces the session key data Kqes- 
[0717] The decryption unit 221 decr/pts the content 
key data Kc, half disclosure parameter data 199. user 
watermark use data 196, and the content data C input 
from the SAM 1 05^ by using the session key data Kg^s- 
Then, the decryption unit 221 outputs the decrypted 
content key data Kc and the content data C to the de- 
cryption unit 222, outputs the decrypted user watermark 
use data 1 96 to the electronic watermark information 
processing unit 224, and outputs the half disclosure pa- 
rameter data 199 to the half disclosure processing unit 
225. 

[0718] The decryption unit 222 decrypts the content 
data C in the half disclosure mode by using the content 
key data Kc under the control from the half disclosure 
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processing unit 225 and outputs the decrypted content 
data C to the expansion unit 223. 
[0719] The expansion unit 223 expands the decrypted 
content data C and outputs the same to the electronic 

5 watemnark infomnation processing unit 224. 

[0720] The expansion unit 223 performs the expan- 
sion processing by using the AN expansion use soft- 
ware stored in the content file CF shown in Fig. 5A and 
performs the expansion processing by for example the 

10 ATRAC3 method. 

[0721] The electronic watermark information process- 
ing unit 224 buries the user watermark in accordance 
with decrypted user watermark use data 1 96 in the de- 
crypted content data C and produces new content data 

15 c. The electronic watennark infomnation processing unit 
224 outputs the related new content data C to the repro- 
duction module 169. 

[0722] ' In this way, the user watermark is buried at the 
decryption and/or expansion module 153 when repro- 
20 ducing the content data C. 

[0723] Note that, in the present invention, it is also 
possible if the user watennark use data 1 96 is not buried 
in the content data C. 

[0724] The half disclosure processing unit 225 in- 
25 structs the blocks not to be decrypted and the blocks to 
be decrypted in for example the content data C to the 
decryption unit222 based on the half disclosure param- 
eter data 199. 

[0725] Also, the half disclosure processing unit 225 
30 performs the control such as limiting the reproduction 
function at the time of a demo or the demo period based 
on the half disclosure parameter data 1 99. 
[0726] The reproduction module 1 69 perfomns the re- 
production in accordance with the decrypted and ex- 
35 panded content data C, 

[0727] Next, an explanation will be made of the data 
format when transmitting and receiving data with the sig- 
nature data produced by using the secret key data at- 
tached thereto and the certificate data among the con- 
40 tent provider 1 01 , EMD service center 1 02, and the user 
home network 103. 

[0728] Figure 42A is a view for explaining the data for- 
mat where the data Data is transmitted from the content 
provider 1 01 to the SAM 1 05^ by the in-band method. 
45 [0729] In this case, a module Modgo encrypted by the 
session key data Kqes obtained by the mutual certifica- 
tion between the content provider 101 and the SAM 
1 05^ is transmitted from the content provider 1 01 to the 
SAM 105^ 

50 [0730] In the module Modgo, a module Modg^ and the 
signature data SIGcp by the secret key data Kcp,s there- 
of are stored. 

[0731] In the module Modg^ , the certificate data CER- 
(-.p storing the secret key data K^p^p of the content pro- 
55 vider 1 01 , the signature data SIGesc based on the se- 
cret key data K^sc.s ^'^h respect to the certificate data 
CERcp. and the data Data to be transmitted are stored. 
[0732] In this way. by transmitting the module Modgo 
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storing the certificate data CERcp from the content pro- 
videnoi to the SAM lOS^. when verifying the signature 
data SIGcp at the SAM lOS^. it becomes unnecessary 
to transmit the certificate data CERcp from the EMD 
service center 1 02 to the SAM 1 05^ . 5 
[0733] Figures 42B and 42C are views for explaining 
the data fomnat where the data Data is transmitted from 
the content provider 1 01 to the SAM 1 05^ by the out-of- 
band method. 

[0734] In this case, a module Modgg shown in Fig. 42B io 
encrypted by the session key data Kges obtained by the 
mutual certification between the content provider 101 
and the SAM 105^ is transmitted from the content pro- 
vider 1 01 to the SAM 1 05^. 

[0735] In the module Mod52, the data Data to be trans- is 
mitted and the signature data SIG^p by the secret key 
data Kqpq thereof are stored. 

[0736] Further, a module Modga shown in Fig. 42C en- 
crypted by the session key data Kg^s obtained by the 
mutual certification between the EMD service center 20 
102 and the SAM 105^ is transmitted from the EMD 



service center 1 02 to the SAM 1 05^. 
[0737] In the module Modgg, the certificate data CER- 
cp of the content provider 101 and the signature data 
S IGesc by the secret key data K^scs thereof are stored. 25 
[0738] Figure 42D is a view for explaining the data for- 
mat of the case where the data Data is transmitted from 
the SAM 1 05^ to the content provider 1 01 by the in-band 
method. 

[0739] In this case, a module Mod54 encrypted by the 30 
session key data Kses obtained by the mutual certifica- 
tion between the content provider 101 and the SAM 
105^ is transmitted from the SAM 105^ to the content 
provider 101. 

[0740] In the module Modg^, a module Modgg and the 35 
signature data SIGsami by the secret key data K^.^, ^ 
thereof are stored. ' 
[0741] In the module Modgg. the certificate data 
*^ERsAMi storing the secret key data Ksami p of the 
SAM 1 05^ , the signature data SIGesc by the secret key 40. 
data Kesc.s with respect to the certificate data 
^^^SAM1. and the data Data to be transmitted are 
stored. 

[0742] In this way, by transmitting the module Modgg 
storing the certificate data CERsami from the SAM 1 05^ 45 
to the content provider 101, when verifying the signature 
data SIGsami ^he content provider 101, it becomes 
unnecessary to transmit the certificate data CERsami 
from the EMD service center 1 02 to the content provider 

[0743] Figures 42E and 42F are views for explaining 
the data fomriat where the data Data is transmitted from 
the SAM 1 05., to the content provider 1 01 by the out-of- 
band method. 

[0744] In this case, a module Modsg shown in Fig. 42E 55 
encrypted by the session key data Kg^s obtained by the 
mutual certification between the content provider 101 
and the SAM 1 05^ is transmitted from the SAM 1 05^ to 



the content provider 1 01 . 

[0745] In the module Mod^, the data Data to be trans- 
mitted and the signature data SIGsami by the secret key 
dsta f^SAMi.s thereof are stored. 
[0746] Also, from the EMD service center 1 02 to the 
content provider 101 . a module Modsy shown In Fig. 42F 
encrypted by session key data Kqes obtained by the mu- 
tual certification between the EMD service center 102 
and the content provider 101 is transmitted. 
[0747] In the module Modgy, the certificate data 
^^•^SAMi of the SAM 105^ and the signature data Sl- 
Gesc by the secret key data K^scs thereof are stored. 
[0748] Figure43G is a viewforexplaining the data for- 
mat where the data Data is transmitted from the content 
provider 101 to the EMD service center 102 by the in- 
band method. 

[0749] In this case, a module Modgg encrypted by the 
session key data Kses obtained by the mutual certifica- 
tion between the content provider 101 and the EMD 
service center 102 is transmitted from the content pro- 
vider 1 01 to the EMD service center 102. 
[0750] In the module Modgg, a module Modgg and the 
signature data SIG^p by the secret key data Kqps there- 
of are stored. 

[0751] In the module Modgg, the certificate data CER- 
cp storing the secret key data K^p^p of the content pro- 
vider 1 01 , the signature data SIGesc by the secret key 
data Kgsc.s with respect to the certificate data CER^p, 
and the data Data to be transmitted are stored. 
[0752] Figure43H is a view for explaining the data for- 
mat of the case where the data Data is transmitted from 
the content provider 1 01 to the EMD service center 1 02 
by the out-of-band method. 

[0753] In this case, from the content provider 1 01 to 
the EMD service center 1 02, a module Modgo shown in 
Fig. 43H encrypted by the session key data Kqes ob- 
tained by the mutual certification between the content 
provider 101 and the EMD service center 102 is trans- 
mitted. 

[0754] In the module Modgo, the data Data to be trans- 
mitted and the signature data SIG^p by the secret key 
data Kcps thereof are stored. 

[0755] At this time, the certificate data CERcp of the 
content provider 1 01 has been already registered in the 
EMD service center 1 02. 

[0756] Figure 431 is a view for explaining the data for- 
mat where the data Data is transmitted from the SAM 
105^ to the EMD service center 102 by the in-band 
method. 

[0757] In this case, a module Mode^ encrypted by the 
session key data Kses obtained by the mutual certifica- 
tion between the EMD service center 102 and the SAM 
1 05^ is transmitted from the SAM 1 05^ to the EMD serv- 
ice center 1 02. 

[0758] In the module Modgi, a module Mod62 and the 
signature data SIGqami by the secret key data Kqami s 
thereof are stored. 

[0759] In the module Modgs, the certificate data 
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CERsAMi storing the secret key data Ks^mi.p of the 
SAM 1 05-, , the signature data SIGesc by the secret key 
data Kesc.s with respect to the certificate data 
CERsAMi- ^"cl the data Data to be transmitted are 
stored. 

[0760] Figure 43J is a view for explaining the data for- 
mat where the data Data is transmitted from the SAM 
1 05^ to the EMD service center 1 02 by the out-of-band 
method. 

[0761 ] In this case, a module Modga shown in Fig. 43J 
encrypted by the session key data Kg^g obtained by the 
mutual certification between the EMD service center 
102 andtheSAM 105^ istransmittedfrom the SAM 105^ 
to the EMD service center 1 02. 

[0762] In the module Modga, the data Data to be trans- 
mitted and the signature data SIGg^^^ by the secret key 
data K3AM1.S thereof are stored. 
[0763] At'this time, in the EMD service center 1 02, the 
certificate data CERsami of the SAM 1 05^ has been al- 
ready registered. 

[0764] Below, an explanation will be made of the reg- 
istration processing in the EMD service center 102 at 
the time of shipment of the SAMs 1 05., to 1 064. 
[0765] Note that, the registration processings of the 
SAMs 105^ to 1054 are the same, so the registration 
processing of the SAM 105-, will be mentioned below. 
[0766] At the time of shipment of the SAM 105^, by 
the key server 141 of the EMD service center 102 shown 
in Fig. 24, the key data shown below is initially registered 
In the storage unit 1 92 shown in Fig. 26 etc. via the SAM 
management unit 149. 

[0767] Further, in the SAM 105^ , for example, at the 
time of shipment, the program etc. used when accessing 
the EMD service center 102 by the SAM 105^ the first 
time are stored in the storage unit 192 etc. 
[0768] Namely, in the storage unit 192, for example, 
the identifier SAMJD of the SAM 105^ given an at 
the left side in Fig. 30, storage use key data Kstr. public 
key data Kr.ca of the route certificate authority 2, public 
key data K^gcp of the EMD service center 102, secret 
key data Ksami,s of ^^e SAM 105.,, certificate data 
CERgAMi and the signature data SIG22,esc thereof, and 
the original key data for creating the certification use key 
data between the decryption and/or expansion module 
163 and the media SAM are stored by the Initial regis- 
tration. 

[0769] Note that, it is also possible to transmit the cer- 
tificate data CERsAMt ^^^^ the EMD service center 1 02 
to the SAM 105^ when registering the same after the 
time of shipment of the SAM 105^. 
[0770] Also, in the storage unit 192, atthe time of ship- 
ment of the SAM 1 05^ , a file reader indicating the read- 
ing format of the content file CF and the key file KF 
shown in Fig. 5 is written by the EMD service center 1 02. 
[0771 ] In the SAM 1 05^ , when utilizing the data stored 
in the content file CF and the key file KF, the file reader 
stored in the storage unit 192 is used. 
[0772] Here, the public key data Kr.q^^ of the route 



certificate authority 2 uses an RSA generally used in 
electronic commercial transactions over the Internet 
and has a data length of for example 1 024 bits. The pub- 
lic key data Kr.ca issued by the route certificate au- 

5 thority 2 shown in Fig. 1 . 

[0773] Also, the public key data K^scp of the EMD 
service center 102 is produced by utilizing an elliptical 
curve code having a short data length and a power 
equivalent to the RSA or more. Its data length is for ex- 

10 ample 1 60 bits. Note, when considering the power of the 
encryption, desirably the public key data K^scp *• ^2 
bits or more. Further, the EMD service center 102 reg- 
isters the public key data K^scp in the route certificate 
authority 92. 

15 [0774] Also, the route certificate authority 92 produc- 
es the certificate data CERgsc of the public key data 
Ke3C p. The certificate data CER^gc storing the public 
key data K^scp '® Preferably stored in the storage unit 
192 at the time of shipment of the SAM 105^. In this 

20 case, the certificate data CER^sc signed by a secret 
key data Krqot.s of the route certificate authority 92. 
[0775] The EMD service center 102 produces the se- 
cret key data Kqami.s of the SAM 105^ by generating a 
random number and produces the public key data 

25 K^fi^^-i p forming a pair together with this. 

[0776] Also, the EMD service center 1 02 is given the 
certification of the route certificate authority 92, issues 
the certificate data CERqami of the public key data 
Kqami P' attaches the signature data to this by using 

30 its own secret key data Kesc.s- Namely, the EMD serv- 
ice center 1 02 achieves the function of a second CA 
(certificate authority). 

[0777] Also, the unique identifier SAMJD under the 
management of the EMD service center 1 02 is allocated 

35 to the SAM 105-1 by the SAM management unit 149 of 
the EMD service center 102 shown in Fig. 24. This is 
stored in the storage unit 192 of the SAM 105^ and, at 
the same time, stored also in the SAM database 149a 
shown in Fig. 24 and managed by the EMD service cent- 

40 er102. 

[0778] Also, the SAM 1 05., is connected to and regis- 
tered at the EMD service center 1 02 by for example the 
user after the time of shipment. At the same time, the 
distribution use public key data KD^ to KD3 are trans- 
45 ferred from the EMD service center 1 02 to the storage 
unit 192. 

[0779] Namely, the user utilizing the SAM 105., must 
perform a registration procedure at the EMD service 
center 1 02 before downloading the content. This regis- 

50 tration procedure is carried out off-line by for example 
mall by the user himself giving information specifying 
himself by using for example a registration card at- 
tached when purchasing the apparatus with the SAM 
105^ mounted thereon (in the related example, network 

55 apparatus 1 60^). 

[0780] The SAM 1 05^ cannot be used until the regis- 
tration procedure is passed. 

[0781] The EMD service center 102 issues the iden- 
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tifier USER_ID inherent to the user in accordance with 
the registration procedure of the SAM 105^ by the user, 
manages the correspondence between the SAM_fD 
and the USERJD in for example the SAIVI database 
1 49a shown in Fig. 24, and utilizes the same at the time 
of charging. 

[0782] Also, the EMD service center 1 02 allocates the 
information reference use identifier ID and the password 
used at the first time to the user of the SAM 105^ and 
notifies this to the user. The user can make an inquiry 
about information for example the usage situation (us- 
age log) of the content data up to the present at the EMD 
service center 102 by using the information reference 
use identifier ID and the password. 
[0783] Also, the EMD service center 1 02 confimis the 
identity of the user at the credit card company or the like 
or conf imns the user off-line at the time of registration of 
the user. 

[0784] Next, as shown In Fig. 30, an explanation will 
be made of the procedure for storing the SAM registra- 
tion list in the storage unit 192 inside the SAM 105^. 
[0785] The SAM 105^ shown in Fig. 1 acquires the 
SAM registration list of the SAMs 105^ to 105^ existing 
in its own system by utilizing a topology map produced 
when powering up apparatuses connected to the bus 
191 and connecting new apparatuses to the bus 191 
where for example the IEEE1394 serial bus is used as 
the bus 191. 

[0786] Note that, the topology map produced in ac- 
cordance with the IEEE1394 serial bus. that is, the bus 
1 91 , is produced for the SAMs 1 05^ to 1 064 and SCMS 
processing circuits 1065 and lOSg when, for example, 
as shown in Fig. 44, in addition to the SAMs 105^ to 
1064, SCMS processing circuits lOSg and lOSg of AV 
apparatus 1 6O5 and 1 60q are connected to the bus 1 91 . 
[0787] Accordingly, the SAM 105^ extracts the infor- 
mation for the SAMs 105^ to 1064 from the related to- 
pology map and produces the SAM registration list 
shown in Fig. 45. 

[0788] Then, the SAM 105^ registers the SAM regis- 40 
tration list shown in Fig. 45 in the EMD service center 
102 and acquires the signature. 
[0789] These processings are automatically carried 
out by the SAM 1 05^ by utilizing the session of the bus 
1 91 . The registration Instruction of the SAM registration 45 
list is issued to the EMD service center 1 02. 
[0790] The EMD service center 102 confirms the ex- 
piration date when receiving the SAM registration list 
shown in Fig. 45 from the SAM lOS^. Then, the EMD 
service center 1 02 sets up the corresponding portion by so 
refemng to the existence of the settlement function des- 
ignated by the SAM 105^ at the time of registration. Fur- 
ther, the EMD service center 102 checks the revocation 
list and sets a revocation flag in the SAM registration 
list. The revocation list is the list of the SAMs for which 55 
usage Is prohibited (invalid) by the EMD service center 
102 for the reason of for example illegitimate usage. 
[0791] Also, the EMD service center 1 02 extracts the 



SAM registration list corresponding to the SAM 105^ at 
the time of settlement and confirms If the SAM described 
therein Is contained In the revocation list. Further, the 
EMD service center 102 attaches the signature to the 
5 SAM registration list. 

[0792] By this, the SAM registration list shown In Fig. 
46 Is produced. 

[0793] Note that, the SAM revocation list is produced 
aimed at only the SAMs of the identical system (con- 
nected to the identical bus 191), and the validity and in- 
validity of the related SAMs are Indicated by the revo- 
cation flag con-esponding to each SAM. 
[0794] Below, an explanation will be made of the over- 
all operation of the content provider 1 01 shown In Fig. 1 . 
[0795] Figure 47 is a flowchart of the overall operation 
of the content provider 1 01 . 

[0796] Step SI : The EMD service center 102 trans- 
mits the certificate data CERcp of the public key data 
Kqp of the content provider 101 to the content provider 
101 afterthe content provider 101 goes through the pre- 
determined registration processing. 
[0797] Also, the EMD service center 1 02 transmits the 
certificate CERcp^ to CERcp4 of the public key data 
*^SAMi.p to '<sAM4.p the SAMs 105i to IO54 to the 
SAMs 105i to 1054 afterthe SAMs 105-, to IO54 pass 
through the predetemnined registration processing. 
[0798] Also, the EMD service center 102 transmits 
three months' worth of the distribution use key data KD., 
to KD3 each having the expiration date of one month to 
the SAMs 105^ to IO54 of the user home network 103 
afterthe mutual certification. 

[0799] In this way. in the EMD system 1 00, the distri- 
bution use key data KD^ to KD3 are distributed to the 
SAMs 105^ to 1054 in advance. Therefore, even in the 
state where the space between the SAMs 1 05^ to 1 054 
and the EMD service center 102 is off-line, the secure 
container 1 04 distributed from the content provider 1 01 
can be decrypted and purchased and used in the SAMs 
1 05^ to 1 054. In this case, the log of the related purchase 
and/or usage is described in the usage log data 108, 
and the usage log data 1 08 is automatically transmitted 
to the EMD service center 1 02 when the SAMs 1 05^ to 
1054 and the EMD service center 102 are connected. 
Therefore, the settlement processing in the EMD serv- 
ice center 102 can be reliably earned out. Note that, a 
SAM for which usage log data 108 cannot be collected 
by the EMD service center 102 in a predetermined pe- 
riod is regarded as being invalidated by the revocation 
list. 

[0800] Note that, the usage control status data 1 66 is 
transmitted from the SAMs 105-, to IO54 to the EMD 
service center 1 02 in real-time in principle. 
[0801] Step S2: The content provider 101 transmits 
the right registration request module Modg shown In Fig. 
1 8 to the EMD service center 1 02 after the mutual cer- 
tification. 

[0802] Then, the EMD service center 102 registers 
and authenticates the usage control policy data 1 06 and 
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the content key data Kc after the predetemnined signa- 
ture verification. 

[0803] Also, the EM D service center 1 02 produces six 
months' worth of the key files KF in accordance with the 
registration use module Modg and transmits them to the 
content provider 101. 

[0804] Step S3: The content provider 101 produces 
the content files CF and the signature data SIGg.cp 
thereof and the key file KF and the signature data 
SIGycp thereof shown in Figs. 5A and 5B and distrib- 
utes the secure container 1 04 storing them and the cer- 
tificate data CERcp and the signature data SIG^ ^sc 
thereof shown in Fig. 50 to the SAMs 105^ to 1064 of 
the user home network 103 on-line and/or off-line, 
[0805] In the on-line case, the content provider use 
transport protocol is used. The secure container 104 is 
transported from the content provider 101 to the user 
home network 103 in a form not depending upon the 
related protocol (namely, as data transmitted by using a 
predetermined layer of communication protocol com- 
prised of a plurality of layers). Also, in the off-line case, 
the secure container 1 04 is transported from the content 
provider 1 01 to the user home network 1 03 in the state 
stored in a ROM type or RAM type storage medium. 
[0806] Step S4: The SAMs 1 05^ to SAM 1064 of the 
user home network 103 verify the signature data 
SIGq CP. SIG7 CP. and SIGki ,esc secure container 
104 distributed from the content provider 101 and con- 
firm the legitimacy of the producer and transmitter of the 
content file OF and the key file KF, then decrypt the key 
file KF by using the distribution use data KD^ to KDg of 
the con^esponding period. 

[0807] Step S5: In the SAMs 105^ to 1064, the pur- 
chase and/or usage form is determined based on the 
operation signal S1 65 in accordance with the operation 
of the purchase and/or usage fonri determination oper- 
ation unit 1 65 shown in Fig. 25 by the user. 
[0808] At this time, in the usage monitor unit 186 
shown in Fig. 31 , the purchase and/or usage form of the 
content file OF by the user is managed based on the 
usage control policy data 106 stored in the secure con- 
tainer 104. 

[0809] Step 86: In the charge processing unit 187 
shown in Fig. 31 of the SAMs 105^ to IO54, the usage 
log data 1 08 and the usage control status data 1 66 de- 
scribing the operation of the settlement of the purchase 
and/or usage form by the user are produced based on 
the operation signal Si 65 and are transmitted to the 
EMD service center 1 02. 

[0810] Step S7: The EMD service center 102 per- 
forms the settlement processing based on the usage log 
data 108 in the settlement processing unit 142 shown 
in Fig. 24 and produces the settlement claim data 152 
and the settlement report data 107. The EMD sen/ice 
center 1 02 transmits the settlement claim data 1 52 and 
the signature data SIGqq thereof via the payment gate- 
way 90 shown in Fig. 1 to the settlement manager 91. 
Further, the EMD service center 102 transmits the set- 



tlement report data 1 07 to the content provider 101 . 
[0811] Step S8: In the settlement manager 91 , after 
verifying the signature data SIGgg, based on the settle- 
ment claim data 1 52, the money paid by the user is dis- 

5 tributed to the owner of the content provider 1 01 . 

[0812] As explained above, in the EMD system 100, 
the secure container 104 of the fomnat shown in Fig. 5 
is distributed from the content provider 101 to the user 
home network 103, and the processing for the key file 

10 KF in the secure container 1 04 is carried out in the SAMs 
105i to 1054. 

[0813] Also, the content key data Kc and the usage 
control policy data 106 stored in the key file KF have 
been encrypted by using the distribution use key data 

15 KD-i to KD3 and decrypted inside only the SAMs 105^ 
to 1 054 holding the distribution use key data KD-, to KD3. 
Then , 1 n the SAMs 1 05^ to 1 054, the pu rchase form and 
the usage form of the content data C are determined 
based on a module having tamper resistance and the 

20 handling content of the content data C described in the 
usage control policy data 106. 

[0814] Accordingly, according to the EMD system 
100, the purchase and usage of the content data O in 
the user home network 103 can be reliably carried out 
25 based on the content of the usage control policy data 
106 produced by the interested parties of the content 
provider 1 01 . 

[0815] Also, in the EMD system 100, by distributing 
the content data C from the content provider 101 to the 
30 user home network 103 by using the secure container 
104 in both of the cases of on-line and off-line, the rights 
clearing of the content data 0 in the SAMs 1 05^ to 1 064 
can be shared in both cases. 

[0816] Also, in the EMD system 100, when purchas- 
es ing, using, recording, and transferring the content data 
O in the network apparatus 1 60^ and the AV apparatus- 
es I6O2 to I6O4 in the user home networic 103, by per- 
forming processing always based on the usage control 
policy data 1 06, common rights clearing rule can be em- 
40 ployed. 

[0817] Figure 48 is a view for explaining an example 
of the transport protocol of the secure container em- 
ployed in the first embodiment. 

[0818] As shown in Fig. 48, in the multi-processor sys- 
45 tem 100, as the protocol for transporting the secure con- 
tainer 104 from the content provider lOTto the user 
home network 103, use is made offer example TCP/IP 
and XML7SMIL. 

[0819] Also, asthe protocol for transferring the secure 
50 container between SAMs of the user home network 1 03, 
and the protocol fortransfen-ing the securecontainer be- 
tween the user home networks 103 and 103a, use is 
made of for example XMUSMIL constructed in the 1 394 
serial bus interface. Also, in this case, it is also possible 
55 to store the. secure container in a ROM type or RAM 
type storage medium and transport the same between 
SAMs. 
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First modtfication of first embodiment 

[0820] In the above embodiment, as shown in Fig. 5B. 
the case where the key file KF was encrypted by using 
the distribution use key data KD in the EMD service 
center 102, and the key file KF was decrypted by using 
the distribution use key data KD in the SAMs 105^ to 
1 064 was exemplified, but the encryption of the key file 
KF using the distribution use key data KD does not al- 
ways have to be carried out when the secure container 
1 04 is directly supplied from the content provider 1 01 to 
the SAMs 105^ to IO54 as shown in Fig. 1. 
[0821] In this way, the encryption of the key file KF by 
using the distribution use key data KD has a large effect 
when suppressing illegitimate action by the service pro- 
vider by giving the distribution use key data KD to only 
the content provider and the user home network when 
the content data is supplied from the content provider to 
the user home network via the service provider as in the 
second embodiment mentioned later. 
[0822] Note, also in the case of the first embodiment, 
the encryption of the key file KF by using the distribution 
use key data KD has an effect in the point of raising the 
force of suppressing illegitimate usage of the content 
data. 

[0823] Further, in the above embodiment, the case 
where the suggested retailer's price data SRP was 
stored in the usage control policy data 1 06 in the key file 
KF shown in Fig. 5B was exemplified, but it is also pos- 
sible to store the suggested retailer's price data SRP 
(price tag data) other than in the key file KF in the secure 
container 1 04. In this case, signature data produced by 
using the secret key data Kqp is attached to the sug- 
gested retailer's price data SRP. 

Second modification of first embodiment 

[0824] In the first embodiment, as shown in Fig. 1 , the 
case where the EMD service center 1 02 performed the 
settlement processing in the settlement manager 91 via 
the payment gateway 90 by using the settlement claim 
data 152 produced by itself was exemplified, but it is 
also possible to transmit for example the settlement 
claim data 152 from the EMD service center 102 to the 
content provider 1 01 as shown in Fig. 49 and have the 
content provider 101 .itself perform the settlement 
processing at the settlement manager 91 via the pay- 
ment gateway 90 by using the settlement claim data 
152. 

Third modification of first embodiment 

[0825] In the first embodiment, the case where the se- 
cure container 1 04 was supplied from a single content 
provider 1 01 to the SAMs 1 05-, to 1 054 of the user home 
network 103 was exemplified, but it is also possible to 
supply secure containers 1 04a and 1 04b from two or 
more content providers 101a and 101b to the SAMs 



105^ to 1054. 

[0826] Figure 50 is a view of the configuration of the 
EMD system according to a third modification of the first 
embodiment where the content providers 101a and 
5 101b are used. 

[0827] In this case, the EMD service center 102 dis- 
tributes key files KFa^ to KFag and KFb^ to KFbg en- 
crypted by using six months' worth of distribution use 
key data KDa^ to KDag and KDb^ to KDbg to the content 
fo providers 101a and 101b. 

[0828] Also, the EMD service center 1 02 distributes 
three months' worth of distribution use key data KDa^ to 
KDa3 and KDb^ to KDbg to the SAMs 105^ to 1054. 
[0829] Then, the content provider 1 01 a supplies a se- 

^5 cure container 1 04a storing a content file CFa encrypted 
by using unique content key data Kca and key files KFa^ 
to KFa^ of the con-esponding period received from the 
EMD service center 102 to the SAMs 105^ to IO54 on- 
line and/or off-line. 

20 [0830] At this time, as the identifier of a key file, use 
is made of the global unique identifier content ID distrib- 
uted by the EMD sen/ice center 102. The content data 
is centrally managed by the EMD service center 102. 
[0831 ] Also, the content provider 1 01 b supplies a se- 

25 cure container 1 04b storing a content file C Fb encrypted 
by using unique content key data Kcb and key files KFb^ 
to KFbg of the corresponding period received from the 
EMD service center 1 02 to the SAMs 1 05^ to 1 054 on- 
line and/or off-line. 

30 [0832] The SAMs 105^ to IO54 decrypt the secure 
container 104a by using the distribution use key data 
KDa^ to KDa3 of the corresponding period, determine 
the purchase form of the content after passing through 
the predetermined signature verification processing, 

35 etc. , and transmit usage log data 108a and usage con- 
trol status data 166a produced in accordance with the 
related determined purchase form and usage fonri to the 
EMD service center 1 02. 

[0833] Also, the SAMs 105^ to IO54 decrypt the se- 
40 cure container 104b by using the distribution use key 
data KDb^ to KDba of the corresponding period, deter- 
mine the purchase fomn of the content after passing 
through the predetemnined signature verification 
processing, etc., and transmit usage log data 108b and 
*5 usage control status data 1 66b produced in accordance 
with the related determined purchase fonn and usage 
form to the EMD service center 1 02. 
[0834] In the EMD service center 102, based on the 
usage log data 108a, settlement claim data 152a for the 
50 content provider 101a is produced, and settlement 
processing is earned out at the settlement manager 91 
using this. 

[0835] Also, in the EMD service center 102, settle- 
ment claim data 152b for the content provider 101b is 
>5 produced based on the usage log data 108b, and set- 
tlement processing is carried out at the settlement man- 
ager 91 using this. 

[0836] Also, the EMD service center 1 02 registers and 
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authenticates the usage control policy data 106a and 
106b. At this time, the EMD service center 102 distrib- 
utes the global unique identifier. content ID for the key 
files KFa and KFb corresponding to the usage control 
policy data 1 06a and 1 06b. 

[0837] Also, the EMD service center 102 issues cer- 
tificate data CERcPa and CERcPb of the content provid- 
ers 101a and 101b and attaches signature data 
SIGib.Esc and SIGia ESC them to verify their legitima- 
cy. 

Fourth modification of first embodiment 

[0838] In the above embodiment, the case where the 
content files CF and the key files KF were stored in the 
secure container 104 with directory structures and 
transmitted from the content provider 101 to the SAMs 
105i to 1064 was exemplified, but it is also possible to 
separately transmit the content files CF and the key file 
KF to the SAMs 1 05^ to 1 064. 

[0839] This includes for example the following first 
technique and second technique. 
[0840] In the first technique, as shown in Fig. 52, the 
content files CF and the key files KF are separately 
transmitted from the content provider 101 to the SAMs 
105^ to 1064 in a fomnat not depending upon the com- 
munication protocol. 

[0841 ] Also, in the second technique, as shown in Fig. 
52, the content files CF are transmitted from the content 
provider 101 to the SAMs 105^ to 1064 in a fomnat not 
depending upon the communication protocol and, at the 
same time, the key files KF are transmitted from the 
EMD service center 1 02 to the SAMs 1 05^ to 1 0S^. The 
related key files KF are transmitted from the EMD serv- 
ice center 102 to the SAMs 105^ to 1064 when for ex- 
ample the users of the SAMs 1 05^ to 1 064 are about to 
determine the purchase fomn of the content data C. 
[0842] When the first technique and the second tech- 
nique are employed, a link is established between relat- 
ed content files CF and between the content files CF 
and the key files KF corresponding to them by using hy- 
per link data stored in the header of at least one of the 
content file CF and the key file KF In the SAMs 1 05^ to 
1054, the rights clearing and the usage of the content 
data C are carried out based on the related link. 
[0843] Note that, in the present modification, as the 
formats of the content file CF and the key file KR for 
example, those shown in Figs. 5A and 5B are employed. 
. Also, in this case, preferably, together with the content 
file CF and the key file KF, the signature data SIGg cp 
and SIG7 CP thereof are transmitted. 

Fifth modification of first embodiment 

[0844] In the above embodiment, the case where the 
content file CF and the key file KF were separately pro- 
vided in the secure container 104 was exemplified, but 
for example it is also possible to store the key file KF in 



the content file CF in the secure container 1 04 as shown 
in Fig. 53. 

[0845] In this case, the signature data by the secret 
key data Kcp,s of the content provider 101 is attached 
5 to the content file CF storing the key file KF. 

Sixth modification of first embodiment 

[0846] In the above embodiment, the case where the 
10 content data C was stored in the content file CF, and the 
content key data Kc and the usage control policy data 
106 were stored in the key file KF and transmitted from 
the content provider 101 to the SAM 105^ or the like was 
exemplified, but it is also possible to transmit at least 
15 one among the content data C, content key data Kc, and 
the usage control policy data 106 from the content pro- 
vider 1 01 to the SAM 1 05^ orthe like without employing 
the tile fonnat and in a format not depending upon the 
communication protocol. 
20 [0847] For example, as shown in Fig. 54, it is also pos- 
sible if a secure container 104s storing the key file . KF 
containing the content data C encrypted by the content 
key data Kc, the encrypted content key data Kc, the en- 
crypted usage control policy data 106, etc. is produced 
25 in the content provider 1 01 , and the secure container 
104s is transmitted to the SAM 105^ etc. in a fonnat not 
depending upon the communication protocol. 
[0848] Also, as shown in Fig. 55, it is also possible to 
individually transmit the key file KF containing the con- 
30 tent data C encrypted by the content key data Kc, en- 
crypted content key data Kc, the encrypted usage con- 
trol policy data 1 06. and so on from the content provider 
1 01 to the SAM 1 05^ etc. in a fonnat not depending upon 
the communication protocol. Namely, the content data 
35 c is transmitted by an identical route to the key file KF 
without employing the file fonnat. 
[0849] Also, as shown in Fig. 56, it is also possible if 
the content data C encrypted by the content key data 
Kc is transmitted from the content provider 101 to the 
40 SAM 1 05-, etc. in a fonnat not depending upon the com- 
munication protocol and, at the same time, the key file 
KF containing the encrypted content key data Kc and 
the encrypted usage control policy data 1 06 etc. is trans- 
mitted from the EMD service center 102 to the SAM 
45 1051 etc. Namely, the content data C is transmitted by 
a different route from that for the key file KF without em- 
ploying the file format. 

[0850] Also, as shown in Fig. 57, it is also possible if 
the content data C encrypted by the content key data 

50 Kc, the content key data Kc, and the usage control policy 
data 1 06 are transmitted from the content provider 1 01 
to the SAM 105i etc. in a fonnat not depending upon 
the communication protocol. Namely, the content data 
C, content key data Kc, and the usage control policy da- 

55 ta 1 06 are transmitted by the identical route without em- 
ploying the file format. 

[0851] Also, as shown in Fig. 58, it is also possible if 
the content data C encrypted by the content key data 
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Kc is transmitted from the content provider 101 to the 
SAM 1 05i etc. in a fomnat not depending upon the com- 
munication protocol and. at the same time, the content 
l<ey data Kc and the usage control policy data 106 are 
transmitted from the EMD service center 1 02 to the SAM 
105^ etc. Namely, the content data C, content key data 
Kc. and the usage control policy data 106 are transmit- 
ted by different routes without employing the file fonnat. 



Second embodiment 

[0852] In the above embodiment, the case where the 
content data was directly distributed from the content 
provider 1 01 to the SAMs 1 05^ to 1 054 of the user home 
network 1 03 was exemplified, but in the present embod- 
iment, an explanation will be made of a case where the 
content data provided by the content provider is distrib- 
uted to a SAM of the user home network via the service 
provider 

[0853] Figure 59 is a view of the configuration of an 
EMD system 300 of the present embodiment. 
[0854] As shown in Fig. 59, the EMD system 300 has 
a content provider 301 , an EMD service center 302, the 
user home network 303, a service provider 31 0, the pay- 
ment gateway 90, and the settlement manager 91 . 
[0855] The content provider 301 , EMD service center 
302, SAMs 305^ to 3064, and the service provider 310 
correspond to the data providing apparatus, manage- 
ment device, data processing apparatus, and the data 
distribution apparatus according to claim 22 and claim 
152 etc. 

[0856] The content provider 301 Is the same as the 
content provider 1 01 of the first embodiment except for 
the point that it supplies the content data to the sen/ice 
provider 310. 

[0857] Also, the EMD service center 302 is the same 
as the EMD service center 1 02 of the flrBt embodiment 
except for the point that the certificate authority function, 
key data management function, and the rights clearing 
function are provided also to the service provider 310 in 
addition to the content provider 101 and SAMs 505. to 
5054. 

[0858] Also, the user home network 303 has a net- 
work apparatus 360^ and AV apparatuses 36O2 to 36O4. 
The network apparatus 360^ includes a SAM 305^ and 
a CA module 31 1 , and the AV apparatuses seOg to 36O4 
include the SAMs 3052 to 3064. 

[0859] Here, the SAMs 305^ to 3064 are the same as 
the SAMs 105^ to IO54 of the first embodiment except 
for the point that they are distributed a secure container 
304 from the service provider 31 0 and the point that they 
perfonn the verification processing of the signature data 
and the preparation of an SP use purchase log data (da- 
ta distribution device use purchase log data) 309 for the 
service provider 31 0 in addition to the content provider 
301. 

[0860] First, a brief explanation will be made of the 
EMD system 300. 



[0861] In the EMD system 300, the content provider 
301 transmits the usage control policy (UCP) data 106 
in the same way as that of the first embodiment men- 
tioned before indicating the rights contents such as the 
5 usage permission condition of the content data C of the 
content to be provided by itself and the content key data 
Kc to the EMD servbe center 302 as the authority man- 
ager having a high reliability. The usage control policy 
data 1 06 and the content key data Kc are registered and 
-io authenticated (certified) in the EMD service center 302. 
[0862] Also, the content provider 301 encrypts the 
content data C by the content key data Kc and produces 
the content file CF Also, the content provider receives 
six months' worth of the key files KF for the content files 
^5 CF from the EMD service center 302. 

[0863] In the related key file KF, the signature data for 
verifying the existence of tampering of the related key 
file KF arid the legitimacy of the producer and the trans- 
mitter of the related key file KF is stored. 
^0 [0864] Then,thecontentprovider301 supplies the se- 
cure container 1 04 shown in Fig. 5 storing the content 
file CF, key file KF, and its own signature data to the 
service provider 31 0 by using a network such as the In- 
ternet, digital broadcast, storage medium, or informal 
^5 protocol or off-line or the like. 

[0865] Also, the signature data stored in the secure 
container 1 04 is used for verifying the existence of tam- 
pering of the corresponding data and the legitimacy of 
the producer and transmitter of the related data. 
30 [0866] When receiving the secure container 1 04 from 
the content provider 301 , the service provider 31 0 veri- 
fies the signature data and confimns the producer and 
the transmitter of the secure container 1 04. 
[0867] Next, the service provider 31 0 produces price 
35 tag data (PT) 31 2 indicating the price obtained by adding 
a price for service such as authoring perfomned by itself 
to the price (SRP) for the content intended by the con- 
tent provider 301 notified for example off-line. 
[0868] Then, the service provider 310 produces the 
40 secure container 304 storing the content file CF and key 
file KF extracted from the secure container 104, price 
tag data 312, and the signature data by its own secret 
key data Ksp_s with respect to them. 
[0869] At this time, the key file KF has been encrypted 
45 by the distribution use key data KD^ to KDg, and the 
service provider 310 does not hold the related distribu- 
tion use key data KD^ to KDg. therefore the service pro- 
vider 31 0 cannot see or rewrite the content of the key 
file KF 

50 [0870] Also, the EMD service center302 registers and 
authenticates the price tag data 312. 
[0871] The service providerSIO distributes the secure 
container304to the user home networi< 303 on-line and/ 
or off-line. 

55 [0872] At this time, in the case of off-line, the secure 
container 304 is stored in the ROM type storage medium 
or the like and supplied to the SAMs 305^ to 3054 as it 
is. On the other hand, in the case of on-line, mutual cer- 
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tif ication is carried out between the service providerSI 0 
and the CA module 31 1 , the secure container 304 is en- 
crypted by using the session key data Kg^s in the serv- 
ice provider 310 and transnnitted, and the secure con- 
tainer 304 received at the CA module 311 is decrypted 
by using the session key data KgEs anci then transferred 
to the SAMs 305^ to 3064. 

[0873] In this case, as the communication protocol for 
transmitting the secure container 304 from the content 
provider 301 to the user home network 303, an MHEG 
(Multimedia and Hypermedia Information Coding Ex- 
perts Group) protocol is used in the case of a digital 
broadcast and XML7SMIL7HTML (Hyper Textmarkup 
Language) is used in the case of the Internet. In these 
communication protocols, the secure container 304 is 
buried by tunneling in a fonnat not depending upon the 
related: communication protocol (encoding method or 
the like). 

[0874] Accordingly, it is not necessary to ensure com- 
patibility of the format between the communication pro- 
tocol and the secure container 304, so the format of the 
secure container 304 can be flexibly set. 
[0875] Next, in the SAMs 305^ to 3064, the signature 
data stored in the secure container 304 is verified, and 
the legitimacy of producers and transmitters of the con- 
tent file CF and the key file KF stored in the secure con- 
tainer304 is confirmed. Then, in the SAMs 305^ to 3064, 
when the related legitimacy is confirmed, the key file KF 
is decrypted by using the distribution use data KD^ to 
KD3 of the corresponding period distributed from the 
EMD service center 302. 

[0876] The secure container 304 supplied to the 
SAMs 305i to 3064 is reproduced and recorded into the 
storage medium after the purchase and/or usage fomn 
is determined in accordance with the operation of the 
user in the network apparatus 360^ and the AV appara- 
tuses 36O2 to 36O4. 

[0877] The SAMs 305^ to 3064 store the log of the pur- 
chase and/or usage of the secure container 304 as the 
usage log data 308. 

[0878] A usage log data (log data or the management 
device use log data) 308 is transmitted from the user 
home network 303 to the EMD service center 302 in re- 
sponse to for example a request from the EMD sen/ice 
center 302. 

[0879] Also, the SAMs 305^ to 3064 transmit the us- 
age control status (UCS) data 1 66 indicating the related 
purchase form to the EMD sen/ice center 302 when the 
purchase fomn of the content is determined. 
[0880] The EMD service center 302 determines (cal- 
culates) the charge content for each of the content pro- 
vider 301 and the service provider 31 0 based on the us- 
age log data 308 and performs settlement at the settle- 
ment manager 91 such as a bank via the payment gate- 
way 90 based on the results. By this, the money paid by 
the user of the user home network 103 is distributed to 
the content provider 101 and the service provider 310 
by the settlement processing by the EMD service center 



102. 

[0881] In the present embodiment, the EMD service 
center302 has the certificate authorityfunction, key da- 
ta management function, and the rights clearing (profit 

5 distribution) function. 

[0882] Namely, the EMD service center302 functions 
as asecond certificate authority with respect to the route 
certificate authority 92 as the highest authority manager 
at the neutral position and verifies the legitimacy of the 

10 related public key data by attaching a signature by the 
secret key data of the EMD service center 302 to the 
certificate data of the public key data to be used for the 
verification processing of the signature data in the con- 
tent provider 301 , service provider 310, and the SAMs 

15 305^ to 3064. Further, as mentioned before, also the reg- 
istration and authentication of the usage control policy 
data 1 06 of the content provider 301 , content key data 
Kc, and the price tag data 312 of the service provider 
310 are achieved by the certificate authorityfunction of 

20 the EMD service center 302. 

[0883] Also, the EMD service center 302 has a key 
data management function for perfonning for example 
management of the key data of the distribution use key 
data KD^ to KDq. 

25 [0884] Also, the EMD service center 302 has a rights 
clearing (profit distribution) function of performing set- 
tlement with respect to the purchase and/or usage of the 
content by the user of the user home network 303 based 
on the usage control policy data 1 06 registered by the 

30 content provider 301 , the usage log data 308 input from 
the SAMs 305^ to 3064, and the price tag data 312 reg- 
istered by the service provider 31 0 and distributing and 
paying the money paid by the user to the content pro- 
vider 301 and the service provider 310. 

35 [0885] Below, components of the content provider 
301 will be explained in detail. 

[Content provider 301] 

40 [0886] Figure 60 Is a functional block diagram of the 
content provider 301 and shows the flow of the data re- 
lated to the data transmitted and received with the serv- 
ice provider 310. 

[0887] As shown in Fig. 60, the content provider 301 
45 has a content master source server 111 , electronic wa- 
termark information addition unit 112, compression unit 
113, encryption unit 114, random number generation 
unit 115, signature processing unit 117, secure contain- 
er preparation unit 118, secure container database 
50 118a, key file database 118b, storage unit 119, mutual 
certification unit 120, encryption and/or decryption unit 
121, usage control policy data preparation unit 122, 
EMD service center management unit 125, and a serv- 
ice provider management unit 324. 
55 [0888] In Fig. 60, components given the same refer- 
ence numerals as those of Fig. 3 are the same as the 
components of the same reference numerals explained 
in the first embodiment referring to Fig. 3 and Fig. 4. 
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[0889] Namely, the content provider 301 has aconfig- 
uration providing the service provider management unit 
324 in place of the SAM management unit 124 shown 
in Fig. 3. 

[0890] The service provider management unit 324 
provides the secure container 1 04 shown in Fig. 5 input 
from the secure container preparation unit 118 to the 
service provider 31 0 shown in Fig. 59 off-line and/or on- 
line. 

[0891] Where the secure container 104 shown in Fig. 
5 is distributed to the service provider 310 on-line, the 
service provider management unit 324 encrypts the se- 
cure container 1 04 by using the session key data Kses 
in the encryption and/or decryption unit 121 and then 
distributes the same via the network to the service pro- 
vider 310. 

[0892] Also, the flow of the data in thecontent provider 
1 01 shown in Fig. 4 similarly applies also to the content 
provider 301 . 

[0893] Below, an explanation will be made of the flow 
of the processing when transmitting the secure contain- 
er 1 04 from the content provider 301 to the service pro- 
vider 310. 

[0894] Figure 61 and Fig. 62 are flowcharts showing 
the flow of the processing when transmitting the secure 
container 1 04 from the content provider 301 to the serv- 
ice provider 310. 

[0895] Step C1 : Mutual certification is carried out be- 
tween the content providerSOl and the service provider 
310. 

[0896] Step C2: The session key data Kses obtained 
by the mutual certification at step C1 is shared between 
the content provider 301 and the service provider 31 0. 
[0897] Step C3: By the service provider 310, the se- 
cure container database 1 1 8a possessed by the content 
provider 301 (for CP) is accessed. 
[0898] Step C4: The service provider 31 0 selects the 
secure container 1 04 necessary for Its distribution serv- 
ice by refemng to for example the lists of the content ID 
and the meta data centrally managed at the secure con- 
tainer database 11 8a. 

[0899] Step C5: The content provider 301 encrypts 
the secure container 104 selected at step C4 by using 
the session key data Kqes shared at step C2. 
[0900] Step C6: The content provider 301 inserts the 
secure container 1 04 obtained at step C5 into a content 
provider use commodity transport protocol. 
[0901] Step C7: The service provider 310 perfonns 
the download. 

[0902] Step C8: The service provider 310 takes out 
the secure container 1 04 from the content provider use 
commodity transport protocol. 

[0903] Step C9: The service provider 31 0 decrypts the 
secure container 104 by using the session key data 
Ks£s shared at step C2. 

[0904] Step CI 0: The service provider 31 0 verifies the 
signature data stored in the decrypted secure container 
1 04 to conf imn the legitimacy of the transmitter and per- 



fomns the processing of step C11 under the condition 
that the transmitter is legitimate. 
[0905] Step C1 1 : The sen/ice provider 31 0 stores the 
secure container 1 04 in the secure container database 
5 of itself. 

[Service provider 31 0] 

[0908] The service provider 31 0 produces the secure 
10 container 304 storing the content file CF and the key file 
KF in the secure container 104 received from the con- 
tent provider 301 and the price tag data 312 produced 
by itself and distributes the secure container 304 to the 
network apparatus 360^ and the AV apparatuses 36O2 
15 to 36O4 of the user home network 303 on-line and/or off- 
line. 

[0907] The service format of the content distribution 
by the service provider 310 is roughly classified to an 
independent type service and a linked type service. 

20 [0908] The independent type service is for example a 
service dedicated to download for individually distribut- 
ing the content. Further, the linked type service is a serv- 
ice for distributing content linked to the program and 
CMs (advertisements). For example, content such as a 

25 theme song and other song of a drama are stored in a 
stream of the drama program. The user can purchase 
the content such as theme song or other song existing 
in the stream when watching the drama program. 
[0909] Figure 63 is a functional block diagram of the 

50 service provider 310, 

[0910] Note that, in Fig. 63. the flow of the data when 
supplying the secure container 304 produced by using 
the secure container 1 04 supplied from the content pro- 
vider 301 to the user home network 303 is shown. 

35 [0911] As shown in Fig. 63, the service provider 310 
has a content provider management unit 350, a'storage 
unit 351 , a mutual certification unit 352, an encryption 
and/or decryption unit 353, a signature processing unit 
354, a secure container preparation unit 355, a secure 

40 container database 355a, a price tag data preparation 
unit 356, a user home network management unit 357, 
an EMD service center management unit 358, and a us- 
er preference filter generation unit 920. 
[0912] Below, an explanation will be made of the flow 

45 of the processing in the service provider 31 0 when cre- 
ating the secure container 304 from the secure contain- 
er 104 supplied from the content providerSOl and dis- 
tributing this to the user home networic 303 by referring 
to Fig. 63 and Fig. 64. 

50 [0913] Figure 64 is a flowchart for explaining the 
processing of distributing the secure container 304 from 
the content provider 301 to the service provider 31 0. 

<Step D1> 

55 

[0914] The content provider management unit 350 re- 
ceives the secure container 104 shown in Fig. 5 from 
the content provider 301 on-line and/or off-line and 
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writes the secure container 104 into the storage unit 
351. 

[091 5] At this time, the content provider management 
unit 350 decrypts the secure container 104 in the en- 
cr/ption and/or decryption unit 353 by using the session 
key data KgEs obtained by mutual certification between 
the mutual certification unit 120 shown in Fig. 60 and 
the mutual certification unit 352 shown in Fig. 63 in the 
case of on-lin e and then writes the same into the storage 
unit 351. 

[0916] Note that, the service provider 310 can have a 
dedicated secure container database for storing the se- 
cure container 1 04 separately from the storage unit 351 . 

<Step D2> 

[0917] Next, in the signature processing unit 354, the 
signature data SIG-, ^gc shown in Fig. 5C of the secure 
container 1 04 stored in the storage unit 351 is verified 
by using the public key data K^scp the EMD service 
center 302 read out from the storage unit 351 . After the 
legitimacy thereof is confimned, the public key data 
Kcpp is extracted from the certificate data CERcp 
shown in Fig. 5C. 

[091 8] Next, the signature processing unit 354 verifies 
the signature data SlGg cp and SIG7 cp shown in Figs. 
5A and 5B of the secure container 1 04 stored in the stor- 
age unit 351 , that is, verifies the legitimacy of the pro- 
ducer and transmitter of the content file OF and the 
transmitter of the key file KF by using the related extract- 
ed public key data Kcp,p. 

[091 9] Also, the signature processing unit 354 verifies 
the signature data S1Gki,esc stored in the key file KF 
shown in Fig. 5B by using the public key data Kesc.p 
read out from the storage unit 351 , that is, verifies the 
legitimacy of the producer of the key file KF. At this time, 
the verification of the signature data SIGki,esc serves 
also as the verification of whether or not the key file KF 
is registered in the EMD service center 302. 

<Step D3> 

[0920] Next, the secure container preparation unit 
355 reads out the content file CF and the signature data 
SIGscp thereof, the key file KF and the signature data 
SIGy'cp thereof, the certificate data CERgp of the serv- 
ice provider 31 0 and the signature data SIGg^ there- 
of, and the certificate data CEPcp of the content provid- 
er 301 and the signature data SIG-, esc thereof from the 
storage unit 351 when the legitimacy of the signature 
data SlGe.cp. SIGy cp and SIGki,esc 'S confirmed. 
[0921] Also, the price tag data preparation unit 356 
produces price tag data 312 indicating the price ob- 
tained by adding the price of its own service to the price 
for the content requested by the content provider 301 
notified from for example the content provider 301 off- 
line and stores this in the storage unit 351 . 
[0922] Also, the signature processing unit 354 obtains 



the hash values of the content file CF, key file KF. and 
the price tag data 312, produces signature data 
SlGes.sp. SIGea.sp. anci SIG64..SP by using secret key 
data ksp p of the service provider 310, and outputs them 

5 to the secure container preparation unit 355. 

[0923] Here, the signature data SIGga.sp is used for 
verifying the legitimacy of the transmitter of the content 
file CF, the signature data SIGqs.sp 's used for verifying 
the legitimacy of the transmitter of the key file KF, and 

10 the signature data SIG64 gp is used for verifying the le- 
gitimacy of the producer and transmitter of the price tag 
data 312. 

[0924] Next, the secure container preparation unit 
355 produces the secure container 304 storing the con- 

15 tent file CF and the signature data SIGe^cp and SlG52,sp 
thereof, the key file KF and the signature data SIG7 cp 
and SIG63ESC thereof, the price tag data 312 and the 
signature data SIG64 SP thereof, the certificate data 
CERsp and the signature data SIGsi^esc thereof, and 

20 the certificate data CERcp and the signature data 
SIG-i ESC thereof as shown in Figs. B5A to 65D and 
stores the same in the secure container database 355a. 
[0925] The secure containers 304 stored in the secure 
container database 355a are centrally managed by the 

25 service provider 31 0 by using for example content IDs. 

<Step D4> 

[0926] The secure container preparation unit 355 
30 reads out the secure container 304 in response to the 
request from the user home network 303 from the se- 
cure container database 355a and outputs this to the 
user home network management unit 357. 
[0927] At this time, the secure container 304 may be 
35 a composite container storing a plurality of content files 
CF and a plurality of key files KF corresponding to them 
too. For example, it is also possible to store a plurality 
of content files CF concerning a song, a video clip, a text 
card, liner notes, and a jacket in a single secure con- 
40 tainer 304. It is also possible if these plurality of content 
files CF etc. are stored in the secure container 304 with 
a directory structure. 

[0928] Also, where the secure container 304 is trans- 
mitted in a digital broadcast, an MHEG (Multimedia and 
45 Hypermedia Information Coding Experts Group) proto- 
col is used, while where it is transmitted by the Internet, 
an XML/SMILyHTML (Hyper Text Markup Language) 
protocol is used. 

[0929] At this time, the content files CF and the key 
50 files KF etc. in the secure container 304 are stored in 
predetermined layers in the communication protocol 
employed between the service provider 31 0 and the us- 
er home network 303 in a format not depending upon 
the encoding method tunneling the protocols of MHEG 
55 and HTML. 

[0930] For example, where the secure container 304 
is transmitted in a digital broadcast, as shown in Fig. 66, 
the content file CF is stored as the MHEG content data 
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in the MHEG object. 

[0931] Also, in the transport layer protocol, the MHEG 
object is stored in PES (packetized elementary stream)- 
Video in the case of a moving picture Image, stored in 
the PES-Audio in the case of audio, and stored in Pri- 
vate-Data in the case of a still image. 
[0932] Also, as shown in Fig. 67. the key file KF, price 
tag data 31 2, and the certificate data CERcp and CERgp 
are stored in an ECM (entitlement control message) in 
TS Packet of the transport layer protocol. 
[0933] Here, a mutual link is established among the 
content file CF, key file KF, price tag data 312, and the 
certificate data CERcp and CERsp by the directory 
stmcture data DSD^ in the header of the content file CF 
[0934] Next, the user home network management unit 
357 supplies the secure container 304 to the user home 
network 303 off-line and/or on-line. 
[0935] Where the secure container 304 is to be dis- 
tributed to the network apparatus 360^ of the user home 
network 303 on-line, the user home network manage- 
ment unit 357 encrypts the secure container 304 by us- 
ing the session key data Kqes in the encryption and/or 
decryption unit 352 after the mutual certification and 
then distributes the same via the network to the network 
apparatus 360-, . 

[0936] Note that, where the secure container 304 is 
to be broadcasted via for example a satellite, the user 
home network management unit 357 encrypts the se- 
cure container 304 by using scramble key data Kq^r or 
the like. Further, scramble key data Kscr is encrypted 
by using work key data K^, and the wori< key data 
is encrypted by using master key data K^. 
[0937] Then, the user home network management 
unit 357 transmits scramble key data Kscr and the work 
key data together with the secure container 304 to 
the user home network 303 via the satellite. 
[0938] Also, for example it stores the master key data 
K[^ in the IC card or the like and distributes the same to 
the user home network 303 off-line. 
[0939] Also, when receiving the SP use purchase log 
data 309 concerning the content data C distributed by 
the related service provider 310 from the user home net- 
work 303, the user home network management unit 357 
writes this into the storage unit 351 . 
[0940] The service provider 31 0 refers to the SP use 
purchase log data 309 when determining the service 
content in the future. Further, the user preference filter 
generation unit 920 analyzes the preference of the users 
of the SAMs 305^ to 3054 transmitting the related SP 
use purchase log data 309 based on the SP use pur- 
chase log data 309 to produce user preference filter data 
900 and transmits this via the user home network man- 
agement unit 357to the CAmodule311 of the user home 
network 303. 

[0941] In Fig. 68, the flow of the data related to the 
communication with the EMD service center 302 in the 
service provider 310 is shown. 

[0942] Note that, as the prerequisite of perfonning the 



following processing, the interested party of the service 
provider 310 perfonms registration processing at the 
EMD service center302 off-line by using for example its 
own ID card and a bank account for perfonning the set- 
5 tiement processing and acquires the global unique iden- 
tifier SP_ID. The identifier SP_iD is stored in the storage 
unit 351. 

[0943] First, an explanation will be made of the 
processing where the service providerSI 0 requests the 
10 certificate data CERgp for certifying the legitimacy of the 
public key data Kgps corresponding to its own secret 
key data Kgpg at the EMD service center 302 by refer- 
ring to Fig. 54. 

[0944] The service provider 31 0 generates a random 
^5 number by using the true random number generator to 
produce the secret key data Kgp s, produces the public 
key data Kgpg corresponding to'the related secret key 
data Ksps, and stores the same in the storage unit 351 . 
[0945] The identifiers SP_ID and the public key data 
^sp.p of the EMD service center management unit 358 
and the service provider 31 0 are read out from the stor- 
age unit 351 . 

[0946] Then, the EMD service center management 
unit 358 transmits the identifier SP_ID and the public 

25 key data Kgp p to the EMD service center 302. 

[0947] Then, the EMD service center management 
unit 348 receives as its inputs the certificate data CERgp 
and the signature data SIGg^ ^gc thereof from the EMD 
service center 302 in accordance with the related reg- 

50 istration and writes the same into the storage unit 351 . 
[0948] Next, an explanation will be made of the 
processing of the case where the service provider 310 
registers and authenticates the price tag data 31 2 in the 
EMD service center 302 by referring to Fig. 54. 

35 [0949] In this case, in the signature processing unit 
354, the hash value of a module ModiQ3 shown in Fig. 
69 storing the price tag data 31 2 read out from the stor- 
age unit 351 and the content ID as the global unique 
identifier is found, and signature data SIGgosp is pro- 

40 duced by using the secret key data Kgpg. 

[0950] Also, the certificate data CERgp and the sig- 
nature data SIG5., ESC thereof are read out from the stor- 
age unit 351. 

[0951] Then, after encrypting a price tag registration 
request use module Modio2 shown in Fig. 69 by using 
the session key data Kqes obtained by the mutual cer- 
tification between the mutual certification unit 352 and 
the EMD service center 302 in the encryption and/or de- 
cryption unit 353, it is transmitted from the EMD service 
50 center management unit 358 to the EMD sen/ice center 
302. 

[0952] Note that, it is also possible if the global unique 
identifier SP_ID of the service provider 31 0 is stored in 
the module Modio2- 
55 [0953] Also, the EMD service center management 
unit 358 writes a settlement report data 307s received 
from the EMD service center 302 into the storage unit 
351. 
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[0954] Also, the EMD service center management 
unit 358 stores marketing infonnation data 904 received 
from the EMD service center 302 in the storage unit 351 . 
[0955] The marketing infonnation data 904 is used as 
a reference when the service provider 31 0 determines s 
the content data C to be distributed from then on. 

[EMD service center 302] 

[0956] The EMD service center 302 functions as the io 
certificate authority (CA), key management authority, 
and the rights clearing authority as mentioned before. 
[0957] Figure 70 is a view of the configuration of the 
EMD service center 302. 

[0958] As shown in Fig. 70, the EMD service center ^5 
302 has a key server 141 , a key database 1 41 a, a KF 
preparation unit 153, a settlement processing unit 442, 
a signature processing unit 443, a settlement manager 
management unit 144, a certificate and usage control 
policy management unit 445, a CER database 445a, a 
certificate database 445b, a content provider manage- 
ment unit 148, a CP database 148a, a SAM manage- 
ment unit 149, a SAM database 149a, a mutual certifi- 
cation unit 150, an encryption and/or decryption unit 
151, a service provider management unit 390, an SP 25 
database 390a, a content ID preparation unit 851 , a user 
preference filter generation unit 901, and a marketing 
infonnation data generation unit 902. 
[0959] In Fig. 70, the functional blocks given the same 
reference numerals as those of Fig. 23 and Fig. 24 have 30 
substantially the same functions as those of the func- 
tional blocks having the same reference numerals ex- 
plained in the first embodiment. 

[0960] Below, an explanation will be made of the func- 
tional blocks given the new reference numerals In Fig. 55 
70. 

[0961] Note that, in Fig. 70, the flow of the data related 
to the data transmitted and received between the EMD 
service center 302 and the service provider 31 0 in the 
flow of the data among the functional blocks in the EMD 40 
service center 302 is shown. 

[0962] Further, in Fig. 71 , the flow of the data related 
to the data transmitted and received between the EMD 
service center 302 and the content provider 301 in the 
flow of the data among the functional blocks in the EMD 45 
service center 302 is shown. 

[0963] Further, in Fig. 72, the flow of the data related 
to the data transmitted and received between the EMD 
service center 302 and the SAMs 305-| to 3054 shown 
in Fig. 59 and the settlement manager 91 in the flow of 50 
the data among the functional blocks in the EMD service 
center 302 is shown. 

[0964] The settlement processing unit 442 performs 
the settlement processing based on the usage log data 
308 Input from thes SAMs 305-, to 3064 and the sug- 55 
gested retailer's price data SPR and the price tag data 
312 input from the certificate and usage control policy 
management unit 445 as shown in Fig. 72. Note that, at 



this time, the settlement processing unit 442 monitors 
the existence of dumping etc. by the service provider 
310. 

[0965] The settlement processing unit 442 produces 
settlement report data 307c and settlement claim data 
152c for the content provider 301 as shown in Fig. 72 
by the settlement processing and outputs them to the 
content provider management unit 148 and the settle- 
ment manager management unit 144. 
[0966] Also, by the settlement processing, as shown 
in Fig. 70 and Fig. 72, the settlement report data 307s 
and settlement claim data 152s for the service provider 
31 0 are produced and are output to the service provider 
management unit 390 and the settlement manager 
management unit 144. 

[0967] Here, the settlement claim data 1 52c and 1 52s 
are authenticated data enabling claim of payment of 
money to the settlement manager 91 based on the re- 
lated data. 

[0968] Here, the usage log data 308 is used when de- 
termining the payment of the license fee related to the 
secure container 304 in the same way as the usage log 
data 1 08 explained in the first embodiment. In the usage 
log data 308, for example, as shown in Fig. 73, the iden- 
tifier of the content data C stored in the secure container 
304, that is, the content ID, the identifier CPJD of the 
content provider 301 providing the content data C stored 
in the secure container 304, the identifier SP_ID of the 
service provider 310 distributing the secure container 
304, signal parameter data of the content data C, the 
compression method of the content data C in the secure 
container304, the identifier Media_ID of the storage me- 
dium storing the secure container 304, the identifiers 
SAM_ID of the SAMs 305^ to 3054 receiving the distri- 
bution of the secure container 304, the USER_IDs of the 
users of the related SAMs 105^ to IO54, etc. are de- 
scribed. Accordingly, in a case where the money paid 
by the user of the user home network 303 must be dis- 
tributed to the license owners of for example the com- 
pression method and the storage medium other than the 
owners of the content provider 301 and the service pro- 
vider 31 0, the EMD service center 302 determines the 
sum of money to be paid to the other parties based on 
the distribution rate table detemnined in advance and 
produces the settlement report data and settlement 
claim data in accordance with the related detemninatlon. 
[0969] The certificate and usage control policy man- 
agement unit 445 reads out the certificate data CER^p, 
certificate data CERsp, the certificate data CERsam-i to 
CERsAM2' registered and authenticated in the cer- 
tificate database 445b and, at the same time, registers 
and authenticates the usage control policy data 1 06 and 
content key data Kc of the content provider 301, the 
price tag data 31 2 of the service provider 31 0, etc. in the 
CER database 445a. 

[0970] At this time, the certificate and usage control 
policy management unit 445 obtains the hash values of 
the usage control policy data 106, content key data Kc, 
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the price tag data 312, etc., attaches the signature data 
using the secret key data K^scS' ^rid produces the au- 
thenticated certificate data. 

[0971] The content provider managennent unit 148 
has a function of communicating with the content pro- 5 
vider 101 and can access the CP database 148a for 
managing the registered identifier CP J D etc. of the con- 
tent provider 101 . 

[0972] The user preference filter generation unit 901 
produces user preference filter data 903 for selecting io 
the content data C in accordance with the preference of 
the users of the SAMs 305^ to 3064 transmitting the re- 
lated usage log data 308 based on the usage log data 
308 and transmits the user preference filter data 903 to 
the SAMs 305-1 to 3054 transmitting the related usage ^5 
log data 308 via the SAM management unit 149. 
[0973] The marketing information data generation 
unit 902 produces the marketing information data 904 
indicating the purchase situation etc. of the whole con- 
tent data C distributed to the user home network 1 03 by 20 
for example a plurality of service providers 310 based 
on the usage log data 308 and transmits this via the 
service provider management unit 390 to the service 
provider 310. The service provider 310 determines the 
content of the service to be provided from then on with ^5 
reference to the marketing information data 904. 
[0974] Below, an explanation will be made of the flow 
of the processing in the EMD service center 302. 
[0975] The distribution use key data KD^ to KD3 are 
transmitted from the EMD service center 302 to the 30 
SAMs 305i to 3064 in the same way as the case of the 
first embodiment. 

[0976] Also, the processing in the case where the 
EMD service center 302 receives the issuance request 
of the certificate data from the content provider 301 is 55 
the same as the first embodiment except for the point 
that the certificate and usage control policy manage- 
ment unit 445 accesses the certificate database 445b. 
Further, the processing of registering the usage control 
policy data 1 06 etc. is similar to the case of the first em- 
bodiment mentioned above except for the point that the 
certificate and usage control policy management unit 
445 stores the related data in the CER database 445a. 
[0977] Next, an explanation will be made of the 
processing in the case where the EMD service center ^5 
302 receives the issuance request of the certificate data 
from the service provider 31 0 by referring to Fig. 70. 
[0978] In this case, when receiving the identifier 
SP_ID, public key data K^pp, and signature data 
SIG70 sp the service provider 31 0 given by the EMD 50 
service center 302 in advance from the service provider 
310, the service provider management unit 390 de- 
crypts them by using the session key data Kg^s 
tained by the mutual certification between the mutual 
certification unit 1 50 and the mutual certification unit 352 55 
shown in Fig. 63. 

[0979] Then, after confirming the legitimacy of the re- 
lated decrypted signature data SIG70 sp at the signature 



processing unit 443, it is confirmed whether or not the 
service provider 310 issuing the issuance request of the 
related certificate data is registered in the SP database 
390a based on the identifier SP_ID and the public key. 
data Kgpp. 

[0980] Then, the certificate and usage control policy 
management unit 445 reads out the certificate data 
CER3P of the related service provider 310 from the cer- 
tificate database 445b and outputs the same to the serv- 
ice provider management unit 390. 
[0981 ] Also, the signature processing unit 443 obtains 
the hash value of the certificate data CERsp, produces 
the signature data SIGg^ ,esc using the secret key da- 
ta K£3c 3 of the EMD service center 302, and outputs 
this to the service provider management unit 390. 
[0982] Then, the service provider management unit 
390 encrypts the certificate data CERgp and the signa- 
ture data SIGfii esc thereof by using the session key da- 
ta K^£s obtained by the mutual certification between the 
mutual certification unit 150 and the mutual certification 
unit 352 shown in Fig. 63 and then transmits the same 
to the service provider 31 0. 

[0983] Note that, the processing where the EMD serv- 
ice center 302 receives the issuance request of the cer- 
tificate data from the SAMs 1 05^ to 1 064 is similar to the 
first embodiment. 

[0984] Further, also the processing where the EMD 
service center 302 receives the registration request of 
the usage control policy data 106 and the content key 
data Kc from the content provider 301 is similar to that 
of the first embodiment. 

[0985] Further, also the processing of preparing the 
key file KF in accordance with the registration use mod- 
ule Modg received from the content provider 301 by the 
EMD service center 302 and transmitting the same to 
the content provider 301 is similar to the first embodi- 
ment. 

[0986] Next, an explanation will be made of the 
processing where the EMD service center 302 receives 
the registration request of the price tag data 312 from 
the service provider 310 by refen-ing to Fig. 70. 
[0987] In this case, when the service provider man- 
agement unit 390 receives the price tag registration re- 
quest module Mod-|Q2 shown in Fig. 69 from the service 
provider 31 0, it decrypts the price tag registration re- 
quest module Mod^oa using the session key data 
KsEs obtained by the mutual certification between the 
mutual certification unit 150 and the mutual certification 
unit 352 shown in Fig. 63. 

[0988] Then, after conf inning the legitimacy of the sig- 
nature data SIGso.sp stored in the related decrypted 
price tag registration request module Mod^o2 '"^ the sig- 
nature processing unit 443, the price tag data 31 2 stored 
in the price tag registration request module Mod^o2 
registered and authenticated in the CER database 445a 
via the certificate and usage control policy management 
unit 445. 

[0989] Next, an explanation will be made of the 
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processing where the settlement is carried out in the 
EMD service center 302 by referring to Fig. 72. 
[0990] When receiving as its inputs the usage log data 
308 and signature data SIG205.SAM1 tliereof from for ex- 
ample the SAM 305^ of the user home network 303, the 
SAM management unit 1 49 decrypts the usage log data 
308 and the signature data SIG205.SAM1 by using the 
session key data Kses obtained by the mutual certifica- 
tion between the mutual certification unit 150 and the 
SAMs 305^ to 3054. verifies the signature data 
SIG205.SAMI using the public key data Kqami .p ^^e 
SAM 305^ , and then outputs the same to the settlement 
processing unit 442. 

[0991] Then, the settlement processing unit 442 per- 
forms the settlement processing based on the usage log 
data 308 input from the SAM 305^ and the suggested 
retailer's price data SRP and the price tag data 312 input 
from the certificate and usage control policy manage- 
ment unit 445. 

[0992] The settlement processing unit 442 produces 
settlement report data 307c and settlement claim data 
152c for the content provider 301 and outputs them to 
the content provider management unit 1 48 and the set- 
tlement managermanagement unit 144 as shown in Fig. 
72. 

[0993] Also, by the settlement processing, as shown 
in Fig. 70 and Fig. 72, the settlement report data 307s 
and the settlement claim data 152s for the service pro- 
vider 310 are produced and are output to the sen/ice 
provider management unit 390 and the settlement man- 
ager management unit 144. 

[0994] Next, the settlement manager management 
unit 144 performs the mutual certification of the settle- 
ment claim data 152c and 152s and the signature data 
produced for them by using the secret key data K^sc.s 
and the decryption by the session key data Kg^g and 
then transmits the same to the settlement manager 91 
via the payment gateway 90 shown in Fig. 59. 
[0995] By this, the money of the sum indicated in the 
settlement claim data 1 52c is paid to the content provid- 
er 301 , and the money of the sum indicated in the set- 
tlement claim data 152s is paid to the service provider 
310. 

[0996] Next, an explanation will be made of the 
processing in the case where the EMD service center 
302 transmits the settlement report data 307c and 307s 
to the content provider 301 and the service provider 31 0. 
[0997] When settlement is can-ied out in the settle- 
ment processing unit 442, the settlement report data 
307c is output from the settlement processing unit 442 
to the content provider management unit 148. 
[0998] When receiving as input the settlement report 
data 307c from the settlement processing unit 442, the 
content provider management unit 148 encrypts this by 
using the session key data Kg^s obtained by the mutual 
certification between the mutual certification unit 150 
and the mutual certification unit 120 shown in Fig. 60 
and then transmits the same to the content provider 301 . 



[0999] Also, when the settlement is carried out in the 
settlement processing unit 442, the settlement report 
data 307s is output from the settlement processing unit 
442 to the service provider management unit 390. 

5 [1 000] When receiving as input the settlement report 
data 307s from the settlement processing unit 442, the 
service provider management unit 390 encrypts this by 
using the session key data KgEs obtained by the mutual 
certification between the mutual certification unit 150 

10 and the mutual certification unit 352 shown in Fig. 63 
andthentransmitsthe same to the service provider310. 
[1001] The EMD service center 302 performs 
processing at the time of shipment of the SAMs 305-, to 
3054 and the registration processing of the SAM regis- 

15 tration list in the same way as the EMD service center 
102 of the first embodiment other than the above. 

[User home network 303] 

20 [1002] The user home network 303 has the network 
apparatus 360-, and the AA/ apparatuses 36O2 to 36O4 
as shown in Fig. 59. 

[1003] The network apparatus 360^ includes the built- 
in CA module 311 and the SAM 3QSy Further, the AA/ 
25 apparatuses 36O2 to 36O4 include the buitt-in SAMs 3052 
to 3054. 

[1 004] The SAMs 3052 3064 are connected to each 
other via a bus 191 , for example, an IEEE serial inter- 
face bus. 

30 [1005] Note that, it is possible if the AV apparatuses 
36O2 to 36O4 have a network communication function or 
do not have the network communication function, but 
utilize the network communication function of the net- 
work apparatus 360^ via the bus 1 91 . 

35 [1006] Also, it is also possible if the user home net- 
work 303 has only AV apparatuses not having network 
functions. 

[1007] Below, an explanation will be made of the net- 
work apparatus 360-, . 
40 [1008] Figure 74 is a view of the configuration of the 
network apparatus 360^ . 

[1009] As shown in Fig. 74, the network apparatus 
360^ has acommunication module 162, CA module 311 , 
decryption module 905, SAM 305^, decryption and/or 

45 expansion module 163. purchase and/or usage form de- 
tennination operation unit 165, download memory 167, 
reproduction module 169, and external memory 201 . 
[1010] In Fig. 74, components given the same refer- 
ence numerals as those of Fig. 25 are the same as the 

50 components of the same reference numerals explained 
in the first embodiment. 

[1011] The communication module 162 perfonris the 
communication processing with the service provider 
310. 

55 [1012] Concretely, the communication module 162 
outputs the secure container 304 received from the 
service provider 31 0 by a satellite broadcast or the like 
to the decryption module 905. Also, the communication 
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module 1 62 outputs user preference filter data 900 re- 
ceived via a telephone line or the like at the service pro- 
vider 31 0 to the CA module 311 and. at the same time, 
transmits SP use purchase log data 309 input from the 
CA module 31 1 to the service provider 31 0 via the tele- 
phone line or the like. 

[1013] Figure 75 is a functional block diagram of the 
CA module 311 and the decryption module 905. 
[1014] As shown in Fig. 75. the CA module 311 has a 
mutual certification unit 906, a storage unit 907, an en- 
cryption and/or decryption unit 908 and an SP use pur- 
chase log data generation unit 909. 
[1015] When transmitting and receiving the data be- 
tween the CA module 311 and the service provider 310 
via the telephone line, the mutual certification unit 906 
perfonns the mutual certification with the service provid- 
er31 0 to produce the session key data K^ss and outputs 
this to the encryption and/or decryption unit 908. 
[1016] The storage unit 907 stores the master key da- 
ta Km supplied from the service provider 31 0 off-line by 
using an IC card 912 etc. after for example a contract is 
established between the service provider 310 and the 
user. 

[1017] The encryption and/or decryption unit 908 re- 
ceives as its inputs the encr/pted scramble key data 
KscR ^ncl work key data from a decryption unit 910 
of the decryption module 905 and decrypts the work key 
data Kyv by using the master key data K^^ read out from 
the storage unit 907. Then, the encryption and/or de- 
cryption unit 908 decrypts the scramble key data Kgcp 
by using the related decrypted work key data and 
outputs the related decrypted scramble key data Kqcr 
to the decryption unit 91 0. 

[1018] Also, the encryption and/or decryption unit 908 
decrypts the user preference filter data 900 received by 
the communication module 1 62 from the service provid- 
er 31 0 via the telephone line or the like by using the ses- 
sion key data Kqes from the mutual certification unit 906 
and outputs the same to a secure container selection 
unit 911 of the decryption module 905. 
[1019] Also, the encryption and/or decryption unit 908 
decrypts the SP use purchase log data 309 input from 
the SP use purchase log data generation unit 909 by 
using the session key data Kqes from the mutual certi- 
fication u n it 906 and transmits the same via the commu- 
nication module 162 to the service provider 310. 
[1020] The SP use purchase log data generation unit 
909 produces the SP use purchase log data 309 indi- 
cating the purchase log of the content data C inherent 
in the service provider 31 0 based on the operation signal 
S1 65 in accordance with the purchase operation of the 
content data C by the user by using the purchase and/ 
or usage fomn detemnination operation unit 165 shown 
in Fig. 74, or the usage control status data 1 66 from the 
SAM 305^ and outputs this to the encryption and/or de- i 
cryption unit 908. 

[1021] TheSP use purchase log data 309 includes for 
example the information to be collected from the user 



concerning the distribution service by the service pro- 
vider 31 0, the monthly base fee (network rent), contract 
(update) infomriation, and the purchase log information. 
[1022] Note that, the CA module 311 communicates 
with a charge database, a customer management data- 
base, and a marketing infonmation database of the serv- 
ice provider 31 0 when the service provider 310 has the 
charge function. In this case, the CA module 311 trans- 
mits the charge data for the distribution service of the 
' content data to the service provider 31 0. 

[1023] The decryption module 905 has a decryption 
unit 910 and a secure container selection unit 911. 
[1024] The decryption unit 910 receives as its inputs 
the encrypted secure container 304. scramble key data 
*^SCR. and the work key data from the communica- 
tion module 162. 

[1025] Then, the decryption unit 910 outputs the en- 
crypted scramble key data KgcR and work key data 
to the encryption and/or decryption unit 908 of the CA 
module 311 and receives as its input the decrypted 
scramble key data Kqcr from the encryption and/or de- 
cryption unit 908. 

[1 026] Then, the decryption unit 91 0 decrypts the en- 
crypted secure container 304 by using the scramble key 
data Kqcr and then outputs the same to the secure con- 
tainer selection unit 911. 

[1 027] Note that, where the secure container 304 is 
transmitted from the service provider 310 by an MPEG2 
Transport Stream method, for example, the decryption 
unit 910 extracts the scramble key data KgcR from an 
ECM (Entitlement Control Message) in a TS Packet and 
extracts the wori< key data Kw from an EMM (Entitle- 
ment Management Message). 

[1 028] In the ECM, otherthan the above, for example, 
program attribute inf omnation for every channel are con- 
tained. Further, in the EMM, otherthan this, individual 
demo contract infonnation different for every user (lis- 
tener) etc. are contained. 

[1029] The secure container selection unit 911 filters 
the secure containers 304 input from the decryption unit 
910 by using the user preference filter data 900 input 
from the CA module 311 , selects the secure container 
304 in accordance with the preference of the user, and 
outputs the same to the SAM 305^ . 
[1030] Next, an explanation will be made of the SAM 
305 1. 

[1031] Note that, the SAM 305^ has basically the 
same function and structure as the SAM 105^ of the first 
embodiment mentioned before by using Fig. 26 to Fig. 
41 except it performs the processing concerning the 
service provider 310 in addition to the content provider 
310, for example, it performs the signature verification 
processing for the service provider 310. 
[1 032] Also, the SAMs 3052 ^^^4 basically have the 
same functions as that of the SAM 305-,. 
[1033] Namely, the SAMs 305^ to 305^ are modules 
for performing charge processing in units of content and 
communicate with the EMD service center 302. 
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[1034] Below, the function of the SAM 305-, will be ex- 
plained in detail. 

[1035] Figure 76 is a view of the configuration of the 
SAMSOS^. 

[1 036] Note that, in Fig. 76, the flow of the data related 
to the processing when receiving as input the secure 
container 304 from the sen/ice provider 31 0 is shown. 
[1037] As shown in Fig. 76, the SAM 305i has the mu- 
tual certification unit 170, encryption and/or decryption 
units 171,1 72, and 1 73, error correction unit 1 81 , down- 
load memory management unit 182, secure container 
decryption unit 183, decryption and/or expansion mod- 
ule management unit 1 84, EMD service center manage- 
ment unit 185, usage monitor unit 186, signature 
processing unit 189, SAM management unit 190, stor- 
age unit 192, media SAM management unit 197, stack 
memory 200, a service provider management unit 580, 
a charge processing unit 587, a signature processing 
unit 598, and the externa! memory management unit 
811. 

[1038] Note that, the predetermined function of the 
SAM 305^ shown in Fig, 76 is realized by executing a 
secret program intheCPUinthe same way as the case 
of the SAM 105^. 

[1 039] In Fig. 76, functional blocks given the same ref- 
erence numerals as those of Fig. 26 are the same as 
the functional blocks having the same reference numer- 
als explained in the first embodiment. 
[1040] Also, in the external memory 201 shown in Fig. 
74, after the processing explained in the first embodi- 
ment and the processing mentioned later, the usage log 
data 308 and the SAM registration list are stored. 
[1041] Also, in the stack memory 200, as shown in 
Fig. 77, the content key data Kc, usage control policy 
data (UCP) 106, lock key data Klqc of the storage unit 
1 92, certificate data CERcp of the content provider 301 , 
certificate data CERsp of the service provider 31 0, us- 
age control status data (UCS) 366, SAM program down- 
load containers SDC^ to SFDC3, the price tag data 31 2, 
etc. are stored. 

[1042] Below, an explanation will be made of the func- 
tional blocks newly given reference numerals in Fig. 76 
among the functional blocks of the SAM 305^. 
[1043] The signature processing unit 589 verifies the 
signature data in the secure container 304 by using the 
public key data K^scp the EMD service center 302, 
public key data Kqpp of the content provider 301 , and 
the public key data Kgpp of the service provider 310 
read out from the storage unit 1 92 or the stack memory 
200.. 

[1044] The charge processing unit 587 perfomns the 
charge processing in accordance with the purchase 
and/or usage form of the content by the user based on 
the operation signal S165 from the purchase and/or us- 
age form determination operation unit 1 65 shown in Fig. 
74 and the price tag data 312 read out from the stack 
memory 200 as shown in Fig. 78. 
[1045] The charge processing by the charge process- 



ing unit 587 is carried out based on the rights contents 
such as the usage pemnission condition indicated by the 
usage control policy data 1 06 and the usage control sta- 
tus data 166 under the monitoring of the usage monitor 
5 unit 186. Namely, the user can purchase and use the 
content within the range according to the related rights 
content etc. 

[1046] Also, the charge processing unit 587 produces 
the usage log data 308 in the charge processing and 
10 writes this into the external memory 201 via the external 
memory management unit 811 . 

[1 047] Here, the usage log data 308 is used when de- 
termining the payment of the license fee related to the 
secure container 304 in the EMD service center 302 in 
15 the same way as the usage log data 1 08 of the first em- 
bodiment. 

[1 048] Also, the charge processing unit 587 produces 
the usage control status (UCS) data 166 describing the 
purchase and/or usage fonn of the content by the user 
20 based on the operation signal SI 65 and writes this into 
the stack memory 200. 

[1 049] As the purchase form of the content, there are 
for example outright purchase without restriction as to 
the reproduction by the purchaser or copying for use of 

25 the related purchaser and a reproduction charge for 
charging whenever the content is reproduced. 
[1050] Here, the usage control status data 166 is pro- 
duced when the user detennines the purchase fomn of 
the content and used for control so that the user will use 

30 the related content within the range pennitted by the re- 
lated determined purchase form from then on. In the us- 
age control status data 1 66, the ID of the content, pur- 
chase fomn, outright purchase price, SAMJD of the 
SAM for which the related content was purchased, the 

35 USER_ID of the user purchasing the content, etc. are 
described. 

[1051] Note that, where the determined purchase 
fomn is a reproduction charge, for example, the usage 
control status data 1 66 is transmitted from the SAM 305^ 

40 to the service provider 31 0 in real-time, and the service 
provider 310 instructs the EMD service center 302 to 
take the usage log data 308 from the SAM lOSy 
[1052] Also, where the determined purchase form is 
outright purchase, for example, the usage control status 

45 data 1 66 is transmitted to the service provider 31 0 and 
the EMD service center 302 in real-time. 
[1 053] Also, in the SAM 305-, , as shown in Fig. 76, the 
user preference filter data 903 received via the EMD 
service center management unit 185 from the EMD 

50 service center 302 is output to the service provider man- 
agement unit 580. Then, in the service provider man- 
agement unit 580, among the secure containers 304 in- 
put from the decryption module 905 shown in Fig. 74, 
the secure container 304 filtered based on the userpref- 

55 erence filter data 903 and thus responding to the pref- 
erence of the user is selected, and the related selected 
secure container304 is outputtothe error correction unit 
181 . By this, in the SAM 305^, the selection processing 
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of the content data C based on the preference of the 
related user obtained fronn the purchase situation of the 
content data C by the related user becomes possible for 
all sen^ice providers 31 0 contracting with the user of the 
related SAM 305^. 

[1054] Below, the flow of the processing In the SAM 
305^ will be explained. 

[1055] The flow of the processing when storing the 
distribution use key data KD^ to KD3 received from the 
EMD service center 302 in the storage unit 1 92 Is similar 
to that of the case of the SAM 1 05^ mentioned before. 
[1056] Next, an explanation will be made of the flow 
of the processing in the SAM 305-, when receiving as 
input the secure container 304 from the service provider 
310 by referring to Fig. 76. 

[1057] Mutual certification is carried out between the 
mutual certification unit 1 70 and the mutual certification 
unit 352 of the service provider 31 0 shown in Fig. 63. 
[1058] The encryption and/or decryption unit 171 de- 
crypts the secure container 304 shown in Fig. 65 re- 
ceived from the service provider 31 0 via the service pro- 
vider management unit 580 by using the session key 
data KsEs obtained by the related mutual certification. 
[1 059] Next, the signature processing unit 589 verifies 
the signature data SIGgi, ESC and SIG^ EscShown in Fig. 
BSD, and then verifies the legitimacy of the signature 

dataSIGe.cp.SIGea.sp. SIG^ cp, SIG63,sp,andSIG64_sp 
by using the public key data Kgpp and Kopp stored' in 
the certificate data CERgp and CERcp- 
[1060] Here, by verifying the signature data SIGg^cp 
and SIGea.sp. the legitimacy of the producer and trans- 
mitter of the content file CF is confimned, by verifying the 
signature data SIGy cp and SIGga^sp* the legitimacy of 
the transmitter of the key file KF is confirmed, and by 
verifying the signature data SIG64 gp, the legitimacy of 
the producer and the transmitter of the price tag data 
312 is confinned. 

[1061] Also, by verifying the legitimacy of the signa- 
ture data SIGki^esc stored in the key file KF shown in 
Fig. 65B by using the public key data Kesc.p read out 
from the storage unit 1 92, the signature processing unit 
589 verifies the legitimacy of the producer of the key file 
KF and whether or not the key file KF is registered in the 
EMD service center 302. 

[1 062] When the legitimacy of all signature data men- 
tioned above is confirmed in the signature processing 
unit 589, the service provider management unit 580 out- 
puts the secure container 304 to the error correction unit 
181. 

[1063] The error con-ection unit 1 81 corrects the error 
of the secure container 304 and then outputs the same 
to the download memory management unit 182. 
[1064] The download memory management unit 1 82 
perfonns the mutual certification between the mutual 
certification unit 170 and the media SAM 167a shown 
in Fig. 74 and then writes the secure container 304 into 
the download memory 167. 

[1065] Next, the download memory management unit 



182 perfomns the mutual certification between the mu- 
tual certification unit 170 and the media SAM 167a 
shown in Fig. 74 and then reads out the key file KF 
shown in Fig, 65B stored in the secure container 304 

5 from the download memory 1 67 and outputs the same 
to the secure container decryption unit 1 83. 
[1066] Then, in the secure container decryption unit 
1 83, by using the distribution use data KD^ to KD3 of the 
corresponding period input from the storage unit 192. 

10 the content key data Kc. usage control policy data 1 06. 
and the SAM program download containers SDC^ to 
SDC3 stored in the key file KF shown in Fig. 65B are 
decrypted. 

[1067] Then, the decrypted content key data Kc, us- 
15 age control policy data 106, and the SAM program 
download containers SDC^ to SDC3 are written into the 
stack memory 200. 

[1 068] Below, an explanation will be made of the flow 
of the processing until the purchase form of the secure 
20 container 304 downloaded on the download memory 
167 from the service provider 310 is determined by re- 
ferring to Fig. 78 and Fig. 79. 

[1069] Figure 79 is a flowchart for explaining the pur- 
chase form determination processing of the secure con- 
25 tainer 304. 

<Step E1> 

[1 070] Where the operation signal S 1 65 indicating the 
30 demo mode is output to the charge processing unit 587 
by the operation of the purchase and/or usage form de- 
temnination operation unit 165 shown in Fig. 74 by the 
user, the processing of step E2 is earned out. In other 
cases, the processing of step E3 is carried out. 

35 

<Step E2> 

[1071] This is carried out where the operation signal 
SI 65 indicating the demo mode is output to the charge 

40 processing unit 587, and for example the content file CF 
stored in the download memory 157 is output via the 
decryption and/or expansion module management unit 
184 to the decryption and/or expansion module 163 
shown in Fig. 74. 

45 [1 072] At this time, with respect to the content file CF, 
the mutual certification between the mutual certification 
unit 170 and the media SAM 167a and the encryption 
and/or decryption by the session key data KgEs and the 
mutual certification between the mutual certification unit 

50 170 and the mutual certification unit 220 and the encryp- 
tion and/or decryption by the session key data Kses are 
carried out. 

[1 073] The content file CF is decrypted in the decryp- 
tion unit 221 shown in Fig. 74 by using the session key 
55 data K3E3 and then output to the decryption unit 222. 
[1 074] Also, the content key data Kc and the half dis- 
closure parameter data 199 read out from the stack 
memory 200 are output to the decryption and/or expan- 
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sion module 1 63 shown in Fig. 74. At this time, after the 
mutual certification between the mutual certification unit 
1 70 and the mutual certification unit 220, the encryption 
and decryption by the session key data Kges are carried 
out with respect to the content key data Kc and the half 
disclosure parameter data 199. 

[1075] Next, the decrypted half disclosure parameter 
data 1 99 is output to the half disclosure processing unit 
225, and under the control from the half disclosure 
processing unit 225, the decryption of the content data 
C using the content key data Kc by the decryption unit 
222 is carried out in a half disclosure mode. 
[1076] Next, the content data C decrypted in the half 
disclosure mode is expanded at the expansion unit 223 
and then output to the electronic watemnark information 
processing unit 224. 

[1077] Next, the user watemnark use data 1 96 is bur- 
ied in the content data C in the electronic watermark in- 
formation processing unit 224, then the content data C 
is reproduced at the reproduction module 169, and 
sound in accordance with the content data C is output. 

<Step E3> 

[1078] When the user determines the purchase form 
by operating the purchase and/or usage fomn determi- 
nation operation unit 1 65, the operation signal SI 65 in- 
dicating the related detemnined purchase forni is output 
to the charge processing unit 1 87. 

<Step E4> 

[1079] In the charge processing unit 187, the usage 
log data 308 and the usage control status data 166 in 
accordance with the determined purchase fonn are pro- 
duced , t he usage log data 308 is written into the external 
memory 201 via the external memory management unit 
81 1 , and the usage control status data 1 66 is written into 
the stack memory 200. 

[1080] Thereafter, in the usage monitor unit 1 86, con- 
trol (monitor) is carried out so that the content is pur- 
chased and used within the range pemnitted by the us- 
age control status data 166. 

[1081] Then, by using the key file KF and the usage 
control status data 1 66 stored in the stack memory 200, 
a new key file KF^ with the purchase fomn determined 
therefor shown in Fig. 81 C is produced, and the related 
produced key tile KF-, is stored in the stack memory 200. 
[1082] As shown in Fig. 81 C, the usage control status 
data 1 66 stored in the key file KF^ has been sequentially 
encrypted by utilizing the CBC mode of the DES by us- 
ing the storage key data Kstr and the media key data 
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[1083] Here, the storage use key data KgyR is data 
determined in accordance with the type of apparatus, 
for example, an SACD (Super Audio Compact Disc). 
DVD (Digital Versatile Disc) apparatus, CD-R appara- 
tus, and MD (Mini Disc) apparatus, and used for estab- 



lishing one-to-one correspondence between the types 
of the apparatuses andthe types ofthe storage medium. 
Also, the media key data Kmed 's data unique to the stor- 
age medium. 

5 [1 084] Also, in the signature processing unit 589, the 
hash value Hki of the key file KF^ is produced by using 
the secret key data Ksami.s of the SAM 305^, and the 
related produced hash value Hki is stored in the stack 
memory 200 in correspondence to the key file KF^. 

10 

<Step E5> 

[1 085] The usage control status data 1 66 is transmit- 
ted from the SAM 305^ to the EMD service center 302. 
15 The related usage control status data 1 66 is transmitted 
whenever the purchase form of the content data is de- 
termined in the SAM 305. 

[1 086] Note that, the usage log data 308 is transmitted 
from the SAM 305^ to the EMD service center 302 at 
20 predetermined time intervals of for example one month. 
[1087] Next, an explanation will be made of the flow 
of the processing in the case where the content data C 
for which the purchase form is already detennined 
stored in the download memory 167 is reproduced by 
25 referring to Fig. 78. 

[1088] In this case, under the monitoring by the usage 
monitor unit 186, based on the operation signal SI 65, 
the content file CF stored in the download memory 1 67 
is output to the decryption and/or expansion module 1 63 
30 shown in Fig. 74. 

[1 089] Also, the content key data Kc read out from the 
stack memory 200 is output to the decryption and/or ex- 
pansion module 1 63. 

[1090] Then, in the decryption unit 222 of She decryp- 
ts tion and/or expansion module 163, the decryption ofthe 
content file CF using the content key data Kc and the 
expansion processing by the expansion unit 223 are 
carried out, and the content data C is reproduced in the 
reproduction module 169. 
40 [1091] At this time, in the charge processing unit 587. 
the usage log data 308 stored in the external memory 
201 is updated in response to the operation signal SI 65. 
[1 092] The usage log data 308 is transmitted together 
with the signature data SIG205.SAMI produced by using 
45 the secret key data Kqami .s v'a the EMD service center 
management unit 1 85 to the EMD service center 302 at 
a predetermined timing. 

[1093] Next, as shown in Fig. 80, an explanation will 
be made of the flow of the processing in the SAM 305^ 
50 in the case where, for example, the secure container 
304x shown in Fig. 81 for which the purchase fomn has 
been already determined and downloaded on the down- 
load memory 167 of the network apparatus 360^ is 
transferred via the bus 191 to the SAM 305^ of the AV 
55 apparatus 36O2 by referring to Fig. 82. 

[1 094] The user operates the purchase and/or usage 
form determination operation unit 165 to instruct to 
transfer the predetemnined content stored in the down- 
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load memory 167 to the AV apparatus SBO^. The oper- 
ation signal S1 65 in accordance with the related opera- 
tion is output to the charge processing unit 587. 
[1095] By this, the charge processing unit 587 up- 
dates the usage log data 308 stored in the stack memory 
200 based on the operation signal S165. 
[1096] Also, the download memory management unit 
182 outputs the content files CF and key files KF and 
KFi shown in Figs. 81 A, 81 B and 81 C read out from the 
download memory 1 67 to the signature processing unit 
589 and the SAM management unit 190. 
[1097] Then, the signature processing unit 589 pro- 
duces the signature data SIG41 sami and SIG42 sami of 
the content files CF and the key files KF and, at the same 
time, produces the hash value H^i of the key file KF^, 
and outputs them to the SAM management unit 1 90. 
[1 098] Also, the SAM management unit 1 90 reads out 
the price tag data 312 and the signature data SIG64sp 
thereof and the certificate data CERcp and the signature 
data SIG^^sc thereof shown in Figs. 81Dand81Efrom 
the stack memory 200. 

[1 099] Also, the SAM management unit 1 90 reads out 
the certificate data CERq^^^^ and the signature data 
S'*^22.Esc thereof shown in Fig. 81 E from the storage 
unit 192. 

[1 1 00] Next, the SAM management unit 1 90 produces 
the secure container 304x shown in Fig. 81 . 
[1101] Also, the mutual certification unit 170 outputs 
the session key data Kqeq obtained by mutual certifica- 
tion with the SAM 3063 to the encryption and/or decryp- 
tion unit 171. 

[1102] The SAM management unit 1 90 encrypts the 
secure container 304x shown in Fig. 81 in the encryption 
and/or decryption unit 1 71 by using the session key data 
KsES and then outputs the same to tlie SAM 3052 of the 
AV apparatus 36O2 shown in Fig. 82. 
[1103] Below, as shown in Fig. 80, an explanation will 
be made of the flow of the processing in the SAM 3052 
when writing the secure container 304x input from the 
SAM 305., into a storage medium such as a RAM by 
referring to Fig. 83. 

[1104] In this case, the SAM management unit 190 of 
the SAM 3052 receives as input the secure container 
304x shown in Fig. 81 from the SAM 305^ of the network 
apparatus 360^ as shown in Fig. 83. 
[1105] Then, the mutual certification between the mu- 
tual certification unit 170 of the SAM 305^ and the mu- 
tual certification unit 1 70 of the SAM 3052 carried out, 
and the signature processing unit 589 decrypts the se- 
cure container 304x by using the session key data Kg^s 
obtained by the related mutual certification. 
[1106] Next, in the signature processing unit 589, by 
using the public key data K^q^.f read out from the stor- 
age unit 192, the legitimacy* of the signature data 

^'*^6i,ESC' S'^LESc and SIG22,esc shown in Fig. 81 E 
is verified. 

[1107] Then, when the legitimacy of the signature da- 
ta SIGg-i^Esc. SIG1 ESC- and SIG22,esc 's confimned, in 



the signature processing unit 589, by using the public 
key data K^p p, Kcp^, and Ksami p contained in the cer- 
tificate data CERsp. CERcp. and CERqami. the legiti- 
macy of the signature data SIGg^cp. SIGgasp. 
^ SIG41 SAM1. SIG7 CP, SIG63 sp. SIG42,sAM. and SIGs4 SP 
shown in Figs. 81 A to 81 D and the hash value Hki' is 
verified. 

[1108] Then, when the legitimacy of these signature 
data is conf inned, the key files KF and KF^ and the price 
^0 tag data 312 are stored in the stack memory 200. 

[1 1 09] Also, the content file CF is outputf rom the SAM 
management unit 190 to the storage module manage- 
ment unit 855. 

[1110] Then, the content key data Kc and the usage 
'5 control status data 1 66 stored in the key file KF^ shown 
in Fig. 81 C are read out from the stack memory 200 to 
the encryption and/or decryption unit 1 73, and in the en- 
cryption and/or decryption unit 173, sequentially en- 
crypted by using the storage use key distribution use 
20 data KDsTR. media key data K^ed. and the purchaser 
key data Kpi^ read out from the storage unit 192 and 
then output to the storage module management unit 
855. 

[1111] Also, the key file KF read put from the stack 
25 memory 200 is output to the storage module manage- 
ment unit 855. 

[1112] Then, after the mutual certification between 
the mutual cert:ification unit 1 70 and the media SAM 133 
of the RAM type storage medium I3O4., the content file 
30 CF is stored in the unsecu re RAM region 134 of the RAM 
type storage medium I3O4, and the key files KF and KF^ 
and the price tag data 312 are written into the secure 
RAM region 132. 

[1113] Note that, it is also possible to store the key 
35 files KF and KF^ and the price tag data 31 2 in the media 
SAM 133 of the RAM type storage medium I3O4. 
[1114] Note that, among the processing in the SAM 
305-1, the flow of the processing in the AV apparatus 
36O2 when determining the purchase fonn of the ROM 
40 type storage medium with the purchase fonn of the con- 
tent still undetermined and the flow of the processing 
when reading the secure container 304 from the ROM 
type storage medium with the purchase fomri still unde- 
tennined in the AV apparatus 36O3, transferring this to 
^5 the AV apparatus 36O2. and writing the same into the 
RAM type storage medium are the same as the case of 
the SAM 105., of the first embodiment except for the 
point that the signature data is verified using the secret 
key data of the service provider 310 and for the point 
50 that the price tag data 312 is stored in the key file with 
the purchase fonn determined. 

[1115] Next, an explanation will be made of the overall 
operation of the EMD system 300 shown in Fig. 59. 
[1116] Figure 84 and Fig. 85 are flowcharts of the 
55 overall operation of the EMD system 300. 

[1117] Here, an explanation will be made by exempli- 
fying the case where the secure container 304 is trans- 
mitted from the service provider 310 to the user home 



82 



163 



EP1 132 828 A1 



164 



network 303 on-line. 

[1118] Note that, as the prerequisite of the following 
processing, it is assumed that the registration of the con- 
tent provider 301 . service provider 31 0, and SAMs 305^ 
to 3054 to the EMD service center 302 has been already 
finished. 

[1119] Step S21 : The EMD service center 302 trans- 
mits the certificate CERcp of the public key data Kcp.p 
of the content provider 301 together with the its own sig- 
nature data SlGi esc ^^e content provider 301 . 
[1120] Also, the EMD service center 302 transmits the 
certif icate CERgp of the public key data Ksp,p of the con- 
tent provider 301 together with its own signature data 
SlGei ESC to the service provider 310. 
[1121] Also, the EMD service center 302 transmits 
three months' worth of the distribution use key data KD^ 
to KD3 each having the expiration date of one month to 
the SAMs 305^ to 3064 of the user home network 303. 
[1122] Step 822: After the mutual certification, the 
content provider 301 transmits the registration use mod- 
ule Mods shown in Fig. 18 to the EMD service center 
302. 

[1123] Then, after the predetemnlned signature verifi- 
cation, the EMD service center 302 registers and au- 
thenticates the usage control policy data 106 and con- 
tent key data Kc. 

[1 1 24] Also, the EM D service center 302 produces six 
months' worth of the key files KF shown in Fig. 5B in 
accordance with the registration use module Modg, and 
transmits this to the content provider 301 . 
[1125] Step 323: The content provider 301 produces 
the content file CF and the signature data SIGe.cp there- 
of and the key file KF and the signature data SIGy ^P 
thereof shown in Figs. 5A and 5B and provides the se- 
cure container 1 04 storing them and the certificate data 
CERcp and the signature data SIG^ esc thereof shown 
in Fig. 5C to the service provider 31 0 on-line and/or off- 
line. 

[1 1 26] Step S24: The service provider 3 1 0 verifies the 
signature data SIG^ esc shown in Fig. 50 and then ver- 
ifies the signature data SlGg cp and SIGy cp shown in 
Figs. 5A and 5B by using the public key data K^pp 
stored in the certificate data CERcp and confirms if the 
secure container 1 04 was transmitted from a legitimate 
content provider 301 . 

[1 1 27] Step S25 : The service provider 31 0 produces 
the price tag data 312 and the signature data SIG64 sp 
thereof and produces the secure container 304 shown 
in Fig. 65 storing them. 

[1128] Step S26: The service provider 31 0 transmits 
the price tag registration request module Mod^oa shown 
in Fig. 69 to the EMD.service center 302. 
[1129] Then, the EMD service center 302 registers 
and authenticates the price tag data 312 after the pre- 
detemnined signature verification. 
[1130] Step S27: The service provider 31 0 transmits 
the secure container 304 produced at step S25 on-line 
or off-line to the decryption module 905 of the network 



apparatus 360i shown in Fig. 74 in response to the re- 
quest from for example the CA module 311 of the user 
home network 303. 

[1131] Step 828: The CA module 311 produces the 
5 SP use purchase log data 309 and transmits this to the 
service provider 310 at the predetermined timing. 
[1132] Step 829: In any of the SAMs 305^ to 3054, 
after verifying the signature data SlGei.Esc shown in 
Fig 65D, the signature data SlGga.sP' SIG63 sp, and 
10 SIG64 SP shown in Figs. 65A. 658 and 65C are verified 
by using the public key data Kgp.p stored in the certifi- 
cate data CERsp, and it is confirmed whether or not the 
predetermined data in the secure container 304 was 
produced and transmitted in a legitimate service provid- 
15 er310. 

[1133] Step 830: After verifying the signature data 
SIG1 ESC shown in Fig. 65D in any of the SAMs 305^ to 
3054] the signature data SIGq sp and SIGy ^p shown in 
Figs 65A, 658 and 650 are verified by using the public 
20 key data Kqp p stored In the certificate data CERcp, and 
it is confirmed whether or not the content file OF in the 
secure container 304 was produced in a legitimate con- 
tent provider 301 and whether or not the key file KF was 
transmitted from a legitimate content provider 301 . 
25 [1 134] Also, by verifying the legitimacy of the signa- 
ture data SIGki esc the key file KF shown in Fig. 65B 
by using the public key data Kesc.p any of the SAMs 
305i to 3054, it is confirmed whether or not the key file 
KF was produced by a legitimate EMD service center 
30 302. 

[1135] Step 831: The user operates the purchase 
and/or usage fonm detennination operation unit 165 of 
Fig. 74 and determines the purchase and/or usage fonn 
of the content. 

35 [1136] Step 832: Based onthe operation signal S165 
produced at step 831 , in the SAMs 305^ to 3064, the 
usage log data 308 of the secure container 304 is pro- 
duced. 

[1 1 37] The usage log data 308 and the signature data 
40 SIG205SAMI thereof are transmitted from the SAMs 
305^ to 3064 to the EMD service center 302. 
[1138] Also, whenever the purchase fomn is deter- 
mined, the usage control status data 166 is transmitted 
from the SAMs 305^ to 3054 to the EMD service center 
45 302. 

[1139] Step S33: The EMD service center 302 deter- 
mines (calculates) the charge content for each of the 
content provider 301 and the service provider 31 0 based 
on the usage log data 308 and produces the settlement 
50 claim data 1 52c and 1 52s based on the result thereof. 
[1140] Step 834: The EMD service center 302 trans- 
mits the settlement claim data 152c and 152s together 
with its own signature data to the settlement manager 
91 via the payment gateway 90. By this, the money paid 
55 by the user of the user home network 303 to the settle- 
ment manager 9 1 is distributed to the owners of the con- 
tent provider 301 and the sen/ice provider 310. 
[1141] As explained above, in the EMD system 300. 
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the secure container 104 of the format shown in Fig. 5 
is distributed from the content provider 301 to the serv- 
ice provider 310. the secure container 304 storing the 
content file CF and key file KF in the secure container 
104 as they are is distributed from the sen^ice provider 
310 to the user home network 303. and the processing 
for the key file KF is earned out in the SAMs 305^ to 



305^ 

[1142] Also, the content key data Kc and usage con- 
trol policy data 106 stored in the key file KF have been 
encrypted by using the distribution use key data KD^ to 
KD3 and decrypted in only the SAMs 305^ to 3084 hold- 
ing the distribution use key data KD^ to KD3. The SAMs 
305i to 3054 are modules having tamper resistance. 
The purchase form and the usage fonri of the content 
data C are determined based on the handling content 
of the content data C described In the usage control pol- 
icy data 106. 

[1143] Accordingly, according to the EMD system 
300, the content data C can be reliably purchased and 
used in the user home network 303 based on the content 
of the usage control policy data 106 produced by the 
interested party of the content provider 1 01 irrelevant to 
the processing in the service provider 310. Namely ac- 
cording to the EMD system 300, it is possible to prevent 
the usage control policy data 106 from being managed 
by the service provider 31 0. 

[1144] For this reason, according to the EMD system 
300, even in a case where the content data C is distrib- 
uted to the user home network 303 via a plurality of serv- 
ice providers 31 0 of different affiliations, the rights clear- 
ing for the related content data C in the user home net- 
wori< 303 can be performed based on the common us- 
age control policy data 1 06 produced by the content pro- 
vider 301. 

[1145] Also, in the EMD system 300, for the files and 
data in the secure containers 1 04 and 304, the signature 
data indicating the legitimacy of the producers and the 
transmitters of them are stored. Therefore, in the sen/ice 
provider 31 0 and the SAMs 305^ to 305^, the legitimacy 
of the producers and transmitters and whether or not the 
data has been tampered with can be confirmed. As a 
result, the illegitimate usage of the content data C can 
be effectively avoided. 

[1146] Also, in the EMD system 300, by distributing 
the content data C from the service provider 31 0 to the 
user home network 103 by using the secure container 
304 in both of the cases of on-line and off-line, in both 
cases, common rights clearing of the content data C in 
the SAMs 305i to 3064 can be performed, 
[1147] Also, in the EMD system 300, when purchas- 
ing, using, recording, and transferring the content data 
C In the networi< apparatus 360^ and the AV apparatus- 
es 36O2 to 36O4 in the user home networi< 303, by always 
perfomning the processing based on the usage control 
policy data 106. common rights clearing rules can be 
employed. 

[1148] For example, as shown in Fig. 86. no matter 



by what technique (route) the content data C provided 
by the content provider 301 is distributed (delivered) 
from the service provider 31 0 to the user home network 
303. such as package communication, a digital broad- 
5 cast. Internet, dedicated line, digital radio, and mobile 
communication, in the SAMs of the user home networks 
303 and 303a. common rights clearing rules are em- 
ployed based on the usage control policy data 106 pro- 
duced by the content provider 301 . 
^0 [1 149] Also, according to the EMD system 300, since 
the EMD service center 302 has the certificate authority 
function, key data management function, and the rights 
clearing (profit distribution) function, the money paid by 
the user accompanied with the usage of the content is 
^5 reliably distributed to the owners of the content provider 
301 and the EMD service center 302 according to the 
ratio detemiined in advance. 

[1150] Also, according to the EMD system 300, the 
usage control policy data 1 06 for the same content file 
20 CF supplied by the same content provider 301 is sup- 
plied as is to the SAMs 305^ to 3064 irrelevant as to the 
service fomnat of the service provider 310. Accordingly, 
in the SAMs 305^ to 3064, the content file CF can be 
used according to the intention of the content provider 
25 301 based on the usage control policy data 1 06. 

[1 151] Namely according to the EMD system 300, at 
the time of a service using the content and usage of the 
content by the user, the rights and profit of the owner of 
the content provider 301 can be reliably protected by 
30 technical means without depending on an inspection or- 
ganization 725 as in the conventional case. 
[1152] Below, an explanation will be made of a con- 
crete example of the transport protocol such as the se- 
cure container employed in the EMD system 300 of the 
25 above second embodiment. 

[1153] As shown in Fig. 87, the secure container 104 
produced in the content provider 301 is provided to the 
service provider 310 by using a content provider use 
transport protocol of the Internet (TCP/IP) or dedicated 
40 line (ATM cell). 

[1154] Also, the service provider 310 distributes the 
secure container304 produced by using the securecon- 
tainer 104 to the user home network 303 by using the 
service provider use transpo rt protoco I of a digital broad- 
45 cast (XML7SMIL on MPEG-TS), Intemet (XMLySMIL on 
TCP/IP), or package circulation (storage medium). 
[1155] Also, the secure container is transferred 
among SAMs in the user home networks 303 and 303a 
or between the user home networi< 303 and 303a by us- 
50 ing the home EC/distribution service (XMiySMIL on 
1394 serial bus . interface) or storage medium. 
[1156] Below, an example of the transport protocol 
employed in the data transfer in the routes indicated by 
reference symbols A to G will be explained in detail in 
55 Fig. 87. 

[1 157] Figure 88 is a view for explaining the transport 
protocol employed when transporting the secure con- 
tainer 104 etc. between the content provider 301 and 
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the service provider 310 (symbol A) shown in Fig. 87. 
[1 1 58] As shown in Fig. 88, the secure container 1 04 
etc. are transported fronn the content provider 301 to the 
service provider 31 0 by a session using a comnnon key 
in the IP/IP-SEC layer, SSL (Secure Sockets Layer), 
XML (Extensible Markup Language)/SMIL (Synchro- 
nized Multimedia Integration Language) layer, and ap- 
plication layer. 

[1 1 59] Figure 89 is a view for explaining the transport 
protocol ennployed when transporting the key file etc. 
between the EMD service center 302 and the content 
provider 301 (symbol B) shown in Fig. 87. 
[1160] As shown in Fig. 89, the key file etc. are trans- 
ported fronn the EMD service center 302 to the content 
provider 301 by a session using a common key in the 
IP/IP-SEC layer, SSLJayer, and the application layer. 
[11 61 ] Figure 90 is a view for explaining the transport 
protocol employed when transporting the price tag data 
312 etc. between the EMD service center 302 and the 
service provider 310 (symbol C) shown in the figure. 
[1 1 62] As shown in Fig. 90, the price tag data 31 2 etc. 
are transported from the EMD service center 302 to the 
service provider 31 0 by a session using a common key 
in the IP/IP-SEC layer, SSL layer, and the application 
layer. 

[1 1 63] Figure 91 is a view for explaining the transport 
protocol employed when transporting the secure con- 
tainer 304 etc. between the service provider 31 0 and the 
user home network 303 (symbol D) and in the user home 
network 303 (symbol E) shown in Fig. 87. 
[1164] As shown in Fig. 91 . the secure container 304 
etc. are transported from the service provider 31 0 to the 
network apparatus 360-, of the user home network 303. 
[1 165] At this time: the MPEG-TS layer, PES layer, or 
DSM-CC_Data_Carousel layer and MHEG (Multimedia 
and l-iypemnedia Experts) layer or "http layer and XML/ 
SMIL layer" are used as the service provider use com- 
modity transport protocol for transfen-ing the secure 
container 304 between the service provider 31 0 and the 
network apparatus 360^. 

[1166] Also, between the network apparatus 360., and 
a storage apparatus SSOg and between AV apparatuses, 
HAVi (XML) is used as the user home network commod- 
ity transport protocol for transferring the secure contain- 
er. 

[1167] At this time, where XMLVSMIL/BML is utilized 
in the data broadcast method of a digital broadcast, the 
content files CF1 and CF2 and the key files KF1 and 
KF2 and the demo sample of the secure container 304 
are stored in a BMUXML/SMIL layer on the HTTP layer 
and a monomedia data layer and transported as shown 
in Fig. 92. 

[1168] Also, where the MHEG is utilized in the data 
broadcast method of a digital broadcast, the content 
files CF1 and CF2 and the key files KF1 and KF2 and 
the demo sample of the secure container 304 are stored 
in the monomedia data layer on the MHEG layer and 
transported as shown in Fig. 93. 



[1 169] Also, where the XML/SMIL is utilized in the da- 
ta broadcast method of a digital broadcast, the content 
files CF1 and CF2 and the key files KF1 and KF2 and 
the demo sample of the secure container 304 are stored 
5 in the XML/SMIL layer on the HTTP layer and transport- 
ed as shown in Fig. 94. 

[1 1 70] Figure 95 is a view for explaining the transport 
protocol employed when the usage log data 308 and the 
usage control status data 166 etc. are transported be- 
to tween the EMD service center 302 and the user home 
networks 303 and 303a (symbol G) shown in Fig. 87. 
[1171] As shown in Fig. 95, where the usage log data 
308 etc. are transferred from the network apparatus 
360i to the EMD service center 302, a session using the 
15 session key data is carried out in the IP/IP-SEC layer, 
SSL layer, and the application layer. 
[1172] Also, where the network apparatus 36O2 etc. 
transfer the usage log data 308, usage control status 
data 1 66, etc. to the EMD service center 302, after the 
20 usage log data 308 etc. are transferred from the storage 
apparatus 36O2 to the network apparatus 360-, by a ses- 
sion in the IP/IP-SEC layer and the HAVi layer, they are 
transferred from the network apparatus 360^ to the EMD 
service center 302 as mentioned before. 
25 [1 173] Figure 96 is a view for explaining the transport 
protocol employed when transporting the secure con- 
tainer from the storage apparatus 36O4 of the user home 
network 303 to the storage apparatus 360^^ of the user 
home network 303a shown in Fig. 87. 
30 [1174] As shown in Fig. 96, the secure container is 
transported from the storage apparatus 36O4 to the stor- 
age apparatus 360^1 by a session using a common key 
in the IP/IP-SEG layer, SSL layer, XMUSMIL layer and 
the application layer. 

35 

First modification of second embodiment 

[1175] Figure 97 is a view of the configuration of an 
EMD system 300a using two service providers accord- 

40 ing to a first modification of the second embodiment. 
[1176] In Fig. 97, components given the same refer- 
ence numerals as those of Fig. 59 are the same as the 
components having the same reference numerals ex- 
plained in the first embodiment. 

45 [1 177] As shown in Fig. 97, in the EMD system 300a, 
the same secure containers 104 are supplied from the 
content provider 301 to service providers 310a and 
310b. 

[1 1 78] The service provider 31 Oa offers a service pro- 
50 viding for example a drama program as the content. In 
the related service, a secure container 304a storing the 
content data C related to the drama program and price 
tag data 31 2a uniquely produced for the related content 
data C is produced and is distributed to the network ap- 
55 paratus 360-,. 

[1 1 79] Also, the service provider 31 Ob provides for ex- 
ample a karaoke service. 1 n the related service , a secure 
container 304b storing the content data C related to the 
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karaoke service and price tag data 312b uniquely pro- 
duced for the related content data C is produced and is 
distributed to the network apparatus 360^, 
[1180] Here, the formats of the secure containers 
304a and 304b are the same as that of the secure con- 5 
tainer304 explained by using Fig. 65. 
[1181] A network apparatus 360ai is provided with 
CA modules 31 1 a and 311b corresponding to the serv- 
ice providers 310a and 310b. 

[1182] The CA modules 311a and 311b are receive io 
the secure containers 304a and 304b in response to re- 
quests from them to the service providers 310a and 
310b. 

[1183] Next, the CA modules 311a and 311b produce 
S P use purchase log data 309a and 309b in accordance i5 
with the distributed secure containers 304a and 304b 
and transmit them to the service providers 310a and 
310b. 

[1184] Also, the CA modules 311a and 311b decrypt 
the secure containers 304a and 304b by the session key 20 
data KsEs and then output the same to the SAMs 305. 
to 3054. 

[1185] Next, in the SAMs 305^ to 3054, the key files 
KF in the secure containers 304a and 304b are decrypt- 
ed by using the common distribution use key data KD^ 25 
to KD3, the processing concerning the purchase and/or 
usage of the content in accordance with the operation 
from the user is carried out based on the common usage 
control policy data 106, and the usage log data 308 in 
accordance with that is produced. 30 
[1186] Then, the usage log data 308 is transmitted 
from the SAMs 305^ to 3064 to the EMD service center 
302. 

[1187] In the EMD service center 302, based on the 
usage log data 308, the charge content is determined 35 
(calculated) for each of the content provider 301 and the 
service providers 310a and 310b. and the settlement 
claim data 152c, 152sa, and 152sb corresponding to 
them are produced based on the results thereof. 
[1 188] The EMD service center 302 transmits the set- 40 
tiement claim data 152c, 152sa, and 152sb to the set- 
tlement manager 91 via the payment gateway 90. By 
this, the money paid by the user of the user home net- 
work 303 to the settlement manager 91 is distributed to 
the owners of the content provider 301 and the service 45 
providers 31 Oa and 31 Ob. 

[1189] As mentioned above, according to the EMD 
system 300a, when the same content file CF is supplied 
to the service providers 31 Oa.and 31 Ob, the usage con- 
trol policy data 1 06 for the related content file CF is en- so 
crypted by the distribution use key data KD-, to KDg and 
supplied to the service providers 310a and 310b, and 
the service providers 310a and 310b distribute the se- 
cure containers 304a and 304b storing the encrypted 
usage control policy data 106 as It is to the user home 55 
network. For this reason, in the SAMs 305^ to 3054 in 
the user home network, no matter which of the service 
provider 31 Oa or 31 Ob the content file CF is distributed 



from, the rights can be cleared based on the common 
usage control policy data 106. 

[1190] Note that, in the first modifbation, the case 
where two service providers were used was exempli- 
fied, but in the present invention, any number of the 
service providers may be provided. 

Second modification of second embodiment 

[1 191] Figure 98 is a view of the configuration of an 
EMD system 300b using a plurality of content providers 
according to a second modification of the second em- 
bodiment. 

[1192] In Fig. 98, components given the same refer- 
ence numerals as those of Fig. 59 are the same as the 
components having the same reference numerals ex- 
plained In the first embodiment. 

[1193] As shown in Fig. 98. in the EMD system 300b, 
the key files KFa and KFb are supplied from the EMD 
service center 302 to the content providers 301a and 
301b, and the secure containers 104a and 104b are 
supplied from content providers 301a and 301b to the 
service provider 310. 

[1 194] The service provider 31 0 provides a service by 
using the content supplied by for example the content 
providers 301a and 301b, produces the price tag data 
312a for the secure container 104a and the price tag 
data 312b for the secure container 1 04b, and produces 
a secure container 304c storing them. 
[1195] As shown in Fig. 98. in the secure container 
304c, the content data CFa. CFb. key files KFa and KFb, 
price tag data 312a and 312b, and the signature data 
by the secret key data Kcp.s of the sen/ice provider 31 0 
for each of them are stored. 

[1 196] The secure container 304c is received at the 
CA module 311 of the network apparatus 360^ of the 
user home network 303 and then processed at the 
SAMs 305^ to 3054. 

[1 197] In the SAMs 305i to 3054, the key file KFa is 
decrypted by using the distribution use key data KDa^ 
to KDag, the processing concerning the purchase and/ 
or usage is carried out in accordance with the operation 
from the userforthecontent file CFa based on the usage 
control policy data 1 06a, and the log thereof is described 
in the usage log data 308. 

[1 1 98] Also, in the SAMs 305^ to 3064, the key file KFb 
is decrypted by using distribution use key data KDb-, to 
KDb3, the processing concerning the purchase and/or 
usage is carried out in accordance with the operation 
from the userforthecontentfile CFb based on the usage 
control policy data 1 06b, and the log thereof is described 
in the usage log data 308. 

[1199] Then, the usage log data 308 is transmitted 
from the SAMs 305^ to 3064 to the EMD service center 
302. 

[1200] In the EMD service center 302, based on the 
usage log data 308. the charge content is determined 
(calculated) for each of the content providers 301 a and 
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301 b and the service provider 31 0 , and settlement claim 
data 1 52ca. 1 52cb , and 1 52s corresponding to tliem are 
produced based on tlie results thereof. 
[1 201 ] The EMD service center 302 transmits the set- 
tlement claim data 1 52ca, 1 52cb , and 1 52s via the pay- 
ment gateway 90 to the settlement manager 91 . By this, 
the money paid by the user of the user home network 
303 to the settlement manager 91 is distributed to the 
owners of the content providers 301 a and 301 b and the 
service provider 31 0. 

[1202] As mentioned above, according to the EMD 
system 300b , as the usage control policy data 1 06a and 
1 06b of the content files CFa and CFb stored in the se- 
cure container 304, those produced by the content pro- 
viders 301a and 301b are used as they are, therefore, 
in the SAMs 305^ to 3064, the rights for the content files 
CFa and CFb are reliably cleared based on the usage 
control policy data 106a and 106b according to the in- 
tention of the content providers 301 a and 301 b. 
[1203] Note that, in the second modification shown in 
Fig . 98 , the case where two content providers were used 
was exemplified, but any number of the content provid- 
ers may be used. 

[1204] Further, there may be a plurality of both of the 
content providers and sen/ice providers. 

Third modification of second embodiment 

[1205] Figure 99 is a view of the configuration of the 
EMD system according to a third modification of the sec- 
ond embodiment. 

[1 206] In the second embodiment, the case where the 
EMD service center 302 performed the settlement for 
the content provider 301 and the service provider 310 
at the settlement manager 91 was exemplified, but in 
the present invention, for example, as shown in Fig. 99, 
it is also possible for the settlement claim data 1 52c for 
the content provider 301 and the settlement claim data 
1 52s for the service provider 31 0 to be produced based 
on the usage log data 308 in the EMD service center 
302 and for them to be transmitted to the content pro- 
vider 301 and the service provider 31 0. 
[1207] In this case, the content provider 301 perfomns 
settlement at a settlement manager 91a via a payment 
gateway 90a by using the settlement claim data 152c. 
Further, the service provider 31 0 perfomns settlement at 
a settlement manager 91b via a payment gateway 90b 
by using the settlement claim data 1 52s. 

Fourth modification of second embodiment 

[1208] Figure 100 is a view of the configuration of the 
EMD system according to a fourth modification of the 
second embodiment. 

[1 209] In the second embodiment, the case where the 
service provider 31 0 did not have a charging function as 
in for example the current Internet was exemplified, but 
where the service provider 310 has a charging function 



as in the current digital broadcast, in the CA module 31 1 , 
a usage log data 308s with respect to the service of the 
service provider 310 conceming the secure container 
304 is produced and transmitted to the service provider 
5 310. 

[1210] Then, the service provider 310 performs 
charge processing based on the usage log data 308s to 
produce the settlement claim data 152s and performs 
settlement at the settlement manager 91b via the pay- 
to ment gateway 90b by using this. 

[1 21 1 ] On the other hand, the SAMs 305^ to 3054 pro- 
duce usage log data 308c with respect to the rights 
clearing of the content provider 301 concerning the se- 
cure container 304 and transmit them to the EMD serv- 
15 ice center 302. 

[1212] The EMD service center 302 produces the set- 
tlement claim data 152c based on the usage log data 
308c and transmits this to the content provider 301 . 
[1213] The content provider 301 performs settlement 
20 at the settlement manager 9 1 a via the payment gateway 
90a by using the settlement claim data 152c. 

Fifth modification of second embodiment 

25 [1214] In the embodiment, as shown in Fig. 72, the 
case where the user preference filter data 903 was pro- 
duced based on the usage log data 308 received from 
the SAM 305i etc. in the user preference filter genera- 
tion unit 901 of the EMD service center 302 was exem- 

30 plif led, but it is also possible to produce for example the 
user preference filter data 903 in the user preference 
filter generation unit 901 based on the usage control sta- 
tus data 166 produced in the user monitor unit 186 of 
the SAM 305i shown in Fig. 78 and transmitted to the 

35 EMD service center 302 in real-time. 

Sixth modification of second embodiment 

[1 21 5] The content provider 301 , the service provider 
40 31 0, and the SAMs 305^ to 3064 can register their secret 
key data Kcps, ^sp,s> and Kqamls to Ksam4.s '" the 
EMD service center 302 too other than their public key 

data Kcp,p, Kgpp, and Ksami.p •^sam4,P' 

[1216] By doing this, it becomes possible for the EMD 

45 service center 302 to tap Into desired communication 
among the communication between the content provid- 
er 301 and the service provider 31 0, the communication 
between the service provider 310 and the SAMs 305^ 
to 3064, and the communication among the SAMs 305^ 

50 to 3054 in the user home network303 by using the secret 
key data Kcp,s, Ksp.s. and Ksami,s ^sau4,s 
sponse to demands from the government or police or- 
ganizations at the time of emergencies. 
[1217] Further, for the SAMs 305^ to 3054, it is also 

55 possible even if the secret key data Ksami ,s *^sam4,s 
are produced by the EMD service center 302 at the time 
of shipment, and they are stored in the SAMS 305^ to 
3064 and. at the same time, held (registered) by the 
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EMD service center 302. 

Seventh modification of second embodiment 

[1218] , In the embodiment, the case where, when the 
content provider 301, service provider 310, and the 
SAMs 305^ to 3054 communicated with each other, the 
certificate data CERcp, CERsp. and CERqami to 
*^^'^SAM4 were acquired from the EMD service center 
302 in advance and were transmitted to the destination 
of communication by the in-band method was exempli- 
fied, but in the present invention, various fomnats can 
be employed as the transmission fomiat of the certifi- 
cate data to the destination of communication. 
[1219] For example, when the content provider 301. 
service provider 310, and the SAMs 305^ to 3064 com- 
municate with each other, it is also possible If the certif- 
icate data CERcp, CERgp, and CERgAwi to CERsam4 
are acquired from the EMD service center 302 in ad- 
vance and are transmitted to the destination of commu- 
nication by the in-band method preceding the related 
communication. 

[1220] Further, it is also possible for the content pro- 
vider 301 , service provider 310, and the SAMs 305^ to 
3054 to acquire the certificate data CERcp, CERgp, and 
^^EI^SAMi toCERs^4from the EMD service center 302 
at the time of communication. 

[1221] Figure 101 is a view for explaining thefonnat 
of the route for acquiring (obtaining) the certificate data. 
[1222] Note that, in Fig. 101, components given the 
same reference numerals as those of Fig. 59 are the 
same as thecomponents having the same reference nu- 
merals explained above. Further, the user home net- 
v/ork 303a is the same as the user home networi< 303 
mentioned before. In a user home network 303b, SAMs 
305^^ to 305^4 are connected via the IEEE1394 serial 
bus serving as the bus 1 91 . 

[1223] Where the content provider 301 acquires the 
certificate data CERgp of the service provider31 0, there 
are for example a case where the certificate data CERgp 
is transmitted from the service provider 31 0 to the con- 
tent provider 301 preceding the communication ((3) in 
Fig. 101) and a case where the content provider 301 
orders the certificate data CERgp from the EMD service 
center 302 ((1) In Fig. 101), 

[1224] Also, where the service provider 310 acquires 
the certificate data CER^p of the content provider 301 , 
there are for example a case where the certificate data 
CERcp is transmitted from the content provider 301 to 
the service provider 310 preceding the communication 
((2) in Fig. 101) and a case where the service provider 
310 orders the certificate data CER^p from the EMD 
service center 302 ((4) in Fig. 101). 
[1225] Also, where the service provider 310 acquires 
the certificate data CERqami to CERsam4 of the SAMs 
305^ to 3054, there are for example a case where the 
certificate data CERg^;^^ to CERsam4 are transmitted 
from the SAMs 305^ to 3064 to the service provider 310 



preceding the communication ((6) in Fig. 101) and a 
case where the service provider 31 0 orders the certifi- 
cate data CERsAMi to CERsam4 from the EMD service 
center 302 ((4) in Fig. 101). 

5 [1226] Also, where the SAMs 305^ to 3064 acquire the 
certificate data CERgp of the service provider 3 10. there 
are for example a case where the certificate data CE Rgp 
is transmitted from the semce provider 31 0 to the SAMs 
305^ to 3054 preceding the communication ((5) in Fig. 

^0 101) and a case where the SAMs 305^ to 3054 order the 
certificate data CERgp from the EMD service center 302 
((7) in Fig. 101, etc.). 

[1 227] Also, where the SAM 305^ acquires the certif- 
icate data CERsAM2 the SAM 3052, there are for ex- 
15 ample a case where the certificate data CERsam2 is 
transmitted from the SAM SOSg to the SAM 305^ pre- 
ceding the communication ((8) in Fig. 101) and a case 
where the SAM 305^ orders the certificate data 
^^^f^SAwa ^rom the EMD service center 302 ((7) in Fig. 
^0 101, etc.). 

[1 228] Also, where the SAM 3052 acquires the certif- 
icate data CERsami the SAM 305.,, there are for ex- 
ample a case where the certificate data CERqami 's 
transmitted from the SAM 305^ to the SAM 3063 pre- 
^5 ceding the communication ((9) in Fig. 101), a case 
where the SAM 3052 orders the certificate data 
^^^'^SAMi trom the EMD service center302 by itself, and 
a case where the SAM 3052 orders the certificate data 
*^^^SAM1 via the network apparatus with the SAM 305^ 
30 mounted thereon ((7) and (8) in Fig. 101). 

[1 229] Also, where the SAM 3054 acquires certificate 
data CERsAMi3 of the SAM 305^3, there are for example 
a case where the certificate data CERsamis 's transmit- 
ted from the SAM 305^3 to the SAM 3054 preceding the 
55 communication ((1 2) in Fig. 1 01 ), a case where the SAM 
3054 orders the certificate data CERs;^^^i3 f rom the EMD 
service center 302 by itself ((1 0) in Fig. 1 01 ), and a case 
where the SAM 3054 orders the certificate data 
*-'E'^SAMi3 via the network apparatus in the user home 
40 network 303b. 

[1230] Also, where the SAM 305^3 acquires the cer- 
tificate data CER3AM4 of the SAM 3054, there are for 
example a case where the certificate data CERsam4 's 
transmitted from the SAM 3054 to the SAM 305^3 pre- 
45 ceding the communication ((11) in Fig. 101), a case 
where the SAM 305-,3 orders the certificate data 
*^E'^SAM4 f^OfTi the EMD service center 302 by itself 
((13) in Fig. 101), and a case where the SAM 305.,3 or- 
ders the certificate data CERsam4 via the network ap- 
50 paratus in the user home network 303b. 

Handling of certificate revocation list (data) in second 
embodiment 



55 [1231] In the second embodiment, in order to prevent 
the content provider 301 . service provider 31 0, and the 
SAMs 305i to 3054 used for illegitimate action etc. from 
communicating with the other apparatuses in the EMD 
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service center 302, a certificate revocation list for inval- 
idating the certificate data of the apparatus used for the 
related illegitimate action is produced. Then, the related 
certificate revocation list CRL is transmitted to the con- 
tent provider 301 , service provider 310, and the SAiVIs 
305i to 3064. 

[1232] Note that, it is also possible if the certificate 
revocation list CRL is produced in for example the con- 
tent provider 301 , service provider 31 0, and the SAMs 
305^ to 3064 other than the EMD service center 302. 
[1233] First, an explanation wili be made of the case 
where the EMD service center 302 invalidates the cer- 
tificate data CERcp of the content provider 301 . 
[1234] As shown in Fig. 102, the EMD service center 
302 transmits a certificate revocation list CRL^ indicat- 
ing the invalidation of .the certificate data CERqp to the 
service provider 31 0((1) in Fig. 102). When verifying the 
signature data input from the content provider 301 , the 
service provider 310 decides the validity of the certifi- 
cate data CERcp by referring to the certificate revoca- 
tion list CRL^, performs signature verification using the 
public key data K^pp where it decides that it is valid, 
while invalidates the data from the content provider 301 
without the related signature verification where it de- 
cides that it is invalid. Note that, it is also possible not 
to invalidate the data, but reject the communication. 
[1 235] Also, the EMD service center 302 transmits the 
certificate revocation list CRL., to for example the SAM 
305., in the user home network 303 by utilizing circula- 
tion resources of the service provider 31 0 by either the 
broadcast type or on-demand type ((1) and (2) in Fig. 
102). When verifying the signature data of the content 
provider 301 stored in the secure container input from 
the service provider 310, the SAM 305^ decides the va- 
lidity of the certificate data CERqp by referring to the 
certificate revocation list CRL^, performs signature ver- 
ification using the public key data Kqp p where it decides 
it as valid, while invalidates the related secure container 
without the related signature verification where it de- 
cides it as invalid. 

[1 236] Note that, it is also possible for the EMD serv- 
ice center 302 to directly transmit the certificate revoca- 
tion list CRL^ to the SAM 305^ via the network apparatus 
in the user home network 303 ((3) in Fig. 102). 
[1237] Next, an explanation will be made of the case 
where the EMD service center 302 invalidates the cer- 
tificate data CERsp of the service provider 31 0. 
[1238] As shown in Fig. 103, the EMD service center 
302 transmits a certificate revocation list CRL2 indicat- 
ing the invalidation of the certificate data CERgp to the 
content provider 301 ((1) in Fig. 103). When verifying 
the signature data input from the service provider 31 0, 
the content provider 301 decides the validity of the cer- 
tificate data CERgp by referring to the certificate revo- 
cation list CRL2, performs signature verification using 
the public key data Ksp^p where it decides it as valid, 
while invalidates the data from the service provider 310 
without the related signature verification where it de- 



cides it as invalid. 

[1 239] Also, the EMD service center 302 transmits the 
certificate revocation list CRL2 to for example the SAM 
305-, in the user home network 303 by utilizing the cir- 

5 culation resources of the service provider 31 0 by either 
the broadcast type or on-demand type ((2) in Fig. 1 03). 
When verifying the signature data of the content provid- 
er 301 stored in the secure container inputfrom the serv- 
ice provider 310, the SAM 305^ decides the validity of 

10 the certificate data CERsp by referring to the certificate 
revocation list CRLg, performs signature verification us- 
ing the public key data Kgpp where it decides it as valid, 
and while invalidates the related secure container with- 
out the related signature verification where it decides it 

15 as invalid. 

[1240] In this case, In the service provider 310, the 
module for transmitting and receiving the certificate rev- 
ocation list CRL2 must have tamper resistance. Further, 
in the service provider 31 0, the certificate revocation list 

20 CRL2 must be stored in a region where tampering by an 
interested party of the service provider 310 is difficult. 
[1 241 ] Note that, it is also possible for the EMD serv- 
ice center 302 to directly transmit the certificate revoca- 
tion list CRLg to the SAM 305^ via the network apparatus 

25 in the user home network 303 ((3) in Fig. 103). 

[1242] Next, an explanation will be made of a case 
where the EMD service center 302 invalidates for ex- 
ample the certificate data CERg^^i^g SAM 3052- 
[1243] As shown in Fig. 104, the EMD service center 

30 302 transmits a certificate revocation list CRL3 indicat- 
ing the invalidation of the certificate data CERs^wa 
the content provider 301 ((1) in Fig. 104). The content 
provider 301 transmits the certificate revocation list 
CRL3 to the service provider 310. The service provider 

35 310 transmits the certificate revocation list CRL3 to for 
example the SAM 305^ in the user home network 303 
by utilizing its own circulation resources by either the 
broadcast type or on-demand type ((1) in Fig. 104), 
When verifying the signature data of the SAM 3052 add- 

40 ed to the data inputfrom the SAM 3052, the SAM 305^ 
decides the validity of the certificate data CERsam2 
referring to the certificate revocation list.CRL3, performs 
signature verification using the public key data Ksam2.p 
where it decides it as valid, while invalidates the related 

45 data without the related signature verification where it 
decides it as invalid. 

[1244] In this case, in the service provider 310, the 
module for transmitting and receiving the certificate rev- 
ocation list CRL3 must have tamper resistance. Further, 

50 in the service provider 31 0, the certificate revocation list 
CRL3 must be stored in a region where tampering by an 
interested party of the service provider 31 0 is difficult. 
[1245] It is also possible for the EMD service center 
302 to transmit the certificate revocation list CRL3 to the 

55 SAM 305i via the service provider 310 ((1) and (2) in 
Fig. 104). 

[1246] Further, it is also possible for the EMD service 
center 302 to directly transmit the certificate revocation 
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list CRL3 to the SAM 305^ via the network apparatus in 
the user home network 303 ((3) in Fig. 1 04). 
[1247] Also, the EMD service center 302 produces 
and stores the certificate revocation list CRL3 indicating 
the invalidation of for example the certificate data 
C^RsAM2 of the SAM 3052- 

[1248] Also, the user home network 303 produces a 
SAM registration list SRL of the SAMs connected to the 
bus 191 and transmits this to the EMD service center 
302 ((1) in Fig. 105). 

[1249] The EMD service center 302 specifies the 
SAMs (for example SAM 3062) for which invalidation is 
instructed by the certificate revocation list CRL3 among 
the SAMs 305^ to 3064 indicated in the SAM registration 
list, sets revocation flags corresponding to the related 
SAMs in the SAM registration list SRL so as to indicate 
the invalidity, and produces a new SAM registration list 
SRL. 

[1250] Next, the EMD service center 302 transmits 
the related produced SAM registration list SRL to the 
SAM 305^ ((1) in Fig. 105). 

[1251] The SAM 305^ determines the existence of the 
verification of the signature data and whether or not 
communication is pennitted by referring to the revoca- 
tion flags of the SAM registration list SRL when commu- 
nicating with another SAM. 

[1 252] Also, the EM D service center 302 produces the 
certificate revocation list CRL3 and transmits this to the 
content provider 301 ((2) in Fig. 105). 
[1253] The content provider 301 transmits the certifi- 
cate revocation list CRL3 to the sen/ice provider 31 0 ((2) 
in Fig. 105). 

[1254] Next, the service provider 310 transmits the 
certificate revocation list CRLatothe SAM 305^ by either 
the broadcast type or on-demand type by utilizing its 
own circulation resources ((2) in Fig. 105). 
[1255] The SAM 305^ specifies the SAMs (for exam- 
ple SAM 3052) for which Invalidation is instructed by the 
certificate revocation list CRL3 among the SAMs 305^ 
to 3054 indicated in the SAM registration list produced 
by itself and sets revocation flags corresponding to the 
related SAMs in the SAM registration list SAL so as to 
indicate the invalidity. 

[1256] From then on, the SAM 305^ detemnines the 
existence of verification of the signature data and wheth- 
er or not communication Is permitted by referring to the 
revocation flag of the related SAM registration list SRL 
when communicating with another SAM. 
[1257] Also, the EMD sen/icecenter302 produces the 
certificate revocation list CRL3 and transmits this to the 
service provider 310 ((3) in Fig. 105). 
[1258] Next, the service provider 310 transmits the 
certificate revocation list CRL3to the SAM 305-, by either 
the broadcast type or on-demand type by utilizing its 
own circulation resources ((3) in Fig. 105). 
[1259] The SAM 305^ specifies the SAMs (for exam- 
ple SAM 3062) for which invalidation is instructed by the 
certificate revocation list CRL3 among the SAMs 305, 



to 3054 indicated in the SAM registration list produced 
by itself and sets revocation flags corresponding to the 
related SAMs In the SAM registration list SAL so as to 
indicate the invalidity. 
5 [1260] From then on, the SAM 305, detemnines the 
existence of verification of thesignature data and wheth- 
er or not communication is pennitted by referring to the 
revocation flag of the related SAM registration list SRL 
when communicating with another SAM. 

10 

Role etc. of EMD service center 302 

[1261] Figure 106 is a view of the configuration of the 
EMD system where the functions of the EMD service 
15 center (clearinghouse) 302 shown in Fig. 59 are divided 
between a right management use clearinghouse 950 
and an electronic settlement use clearinghouse 951 . 
[1262] In the related EMD system, in the electronic 
settlement use clearinghouse 951 , settlement process- 

^0 ing (profit distribution processing) is carried out based 
on the usage log data 308 from the SAM of the user 
home networks 303a and 303b, settlement claim data 
of the content provider 301 and the service provider 31 0 
are produced, and settlement is carried out at the set- 

25 tiement manager 91 via the payment gateway 90. 

[1 263] Also, the right management use clearinghouse 
950 produces the settlement reports of the content pro- 
vider 301 and the service provider 310 in accordance 
with the settlement notification from the electronic set- 

30 tiement use clearinghouse 951 and transmits them to 
the content provider 301 and the service provider 31 0. 
[1264] Also, it perfomns the registration (authentica- 
tion) etc. of the usage control policy data 106 and the 
content key data Kc of the content provider 301 . 

35 [1 265] Note that, as shown in Fig. 1 07, when the right 
management use clearinghouse 950 and the electronic 
settlement use clearinghouse 951 are accommodated 
in a single apparatus, the EMD service center 302 
shown in Fig. 59 is formed. 

40 [1266] Also, in the present invention, for example, it 
is also possible to provide the function of a right man- 
agement use clearinghouse 960 in the EMD service 
center 302, perfomn the registration etc. of the usage 
control policy data 106 in the right management use 

45 clearinghouse 960 and, at the same time, produce the 
settlement claim data of the service provider 310 based 
on the usage log data 308 from the SAMs and transmit 
this to the service provider 31 0 as shown in Fig. 1 08. In 
this case, the service provider 310 utilizes its own 

50 charge system as an electronic settlement oUse clear- 
inghouse 961 and perfomns settlement based on the 
settlement claim data from the right management use 
clearinghouse 960. 

[1267] Also, in the present invention, for example, it 
55 is also possible to provide the function of a right man- 
agement use clearinghouse 970 in the EMD service 
center 302, perfomn the registration etc. of the usage 
control policy data 106 in the right management use 
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clearinghouse 970 and, at the sanne tinne, produce the 
settlement claim data of the content provider 301 based 
on the usage log data 308 from the SAMs and transmit 
this to the content provider 301 as shown in Fig. 109. In 
this case, the content provider 301 utilizes its own 
charge system as an electronic settlement use clearing- 
house 971 and performs settlement based on the set- 
tlement claim data from the right management use 
clearinghouse 970. 

[1268] Also, in the present invention, for example, it 
is also possible to provide the function of the right man- 
agement use clearinghouse 970 and the electronic set- 
tlement use clearinghouse 971 mentioned above in the 
content provider 301 as shown in Fig. 110. 
[1269] In this case, the content provider 301 utilizes 
its own charge system as the electronic settlement use 
clearinghouse 961 and performs settlement by itself at 
the settlement manager 91 based on the settlement 
claim data produced in the right management use clear- 
inghouse 970. 

Eighth modification of the second embodiment 

[1 270] In the second embodiment, the case where the 
secure container 1 04 of the format shown in Fig. 5 was 
provided from the content provider 301 to the service 
provider310, and the secure container 304 oftheformat 
shown in Fig. 65 was distributed from the service pro- 
vider 31 0 to the user home networl< 303 in the EMD sys- 
tem 300 shown in Fig. 59 was exemplified. 
[1271] Namely, in the second embodiment, the case 
where a single content file CF and a single key file KF 
corresponding to the related content file CF were stored 
in the secure container 104 and the secure container 
304 as shown in Fig. 5 and Fig. 65 was exemplified. 
[1272] In the present invention, it is also possible to 
store a plurality of content files CF and a plurality of key 
files KF corresponding to the related plurality of content 
files CF in the secure container 1 04 and the secure con- 
tainer 304. 

[1273] Figure 111 is a view for explaining the format 
of the secure container 1 04a provided from the content 
provider 301 to the service provider 310 shown in Fig. 
59 in the present modification. 

[1274] As shown in Fig. 111 , in the secure container 
104a, content files CF^, CFg, and CF3, key files KF-,, 
KF2, and KF3, certificate data CERcp, and signature da- 
ta SIG200CP' SIG201,CP' SIG202.CP' S'^203,CP' 

SIG204,cp. SIG205.CP. and SIGi,esc are stored. 
[1 275] Here, the signature data SIG2oo,CP' SIG201,CP' 
S1G202,GP. SIG203.CP. SIG204.CP. and SIG205,cp are pro- 
duced "in the content provider 301 by taking the hash 
values of the content files CF^. CFg, and CF3 and the 
key files KF^, KFg, and KF3, and using the secret key 
data Kqps of the content provider 301 . 
[1276] In the content file CF^, a header, meta data 
Meta^, content data C-,, an AA/ expansion use software 
Soft^, and a watermark module WM-, are stored. 



[1277] Here, the content data and the AN expan- 
sion use software Soft^ have been encrypted by using 
the content key data Kc^ , and the meta data Meta^ and 
the watermark module WM^ have been encrypted by us- 

5 ing the content key data Kc^ according to need. 

[1278] Also, the content data C^ has been com- 
pressed by for example the ATRAC3 method. The AN 
expansion use software Soft^ is the software for the ex- 
pansion of the ATRAC3 method. 

10 [1 279] Also, in the header of the content file CF^ , for 
example, as shown in Fig. 112, directory structure data 
DSD^ indicating the linkage to the key file KF^ and the 
content file CF2 is contained. 

[1280] In the content file CFg, the header, meta data 
15 Meta2, content data G2, an A/V expansion use software 
Softg, and a watermark module WM2 are stored. 
[1281] Here, the content data Cg and the AN expan- 
sion use software Softg have been encrypted by using 
the content key data Kcg, and the meta data Metag and 
20 the watermark module WM2 have been encrypted by us- 
ing the content key data Kcg according to need. 
[1282] Also, the content data C2 has been com- 
pressed by for example the MPEG2 method. The AN 
expansion use software Softg is the software for the ex- 
25 pansion of the MPEG2 method. 

[1283] Also, in the header of the content file Of 2, for 
example, as shown in Fig. 112, directory structure data 
DSD2 indicating the linkage to the key file KFg and the 
content file CF3 is contained. 
30 [1284] In the content file CF3, the header, meta data 
Metaa, content data C3, an AN expansion use software 
Softs, and a watermark module WM3 are stored. 
[1285] Here, the content data C3 and the AA/ expan- 
sion use software So% have been encrypted by using 
35 the content key data KC3, and the meta data Metag and 
the watermark module WM3 have been encrypted by us- 
ing the content key data KC3 according to need. 
[1286] Also, the content data C3 has been com- 
pressed by for example the JPEG method. The AN ex- 
40 pansion use software Soft3 is the software for the ex- 
pansion of the JPE G method. 

[1287] Also, in the header of the content file CFg, for 
example, as shown in Fig. 112, directory structure data 
DSD3 indicating the linkage to the key file KF3 is con- 
45 tained. 

[1 288] In the key file KF^ , the header, content key data 
Kc, encrypted by using the distribution use key data KD-, 
to KD3, usage control policy data 106-,, the SAM pro- 
gram download container SDC^, and signature data 

50 SIG220 ESC are stored. 

[1 289] ' In the key file KFg, the header, content key data 
Kcg encrypted by usingthe distribution use key data KD-, 
to KD3, usage control policy data 1 062, the SAM pro- 
gram download container SDC2, and signature data 

55 SIG221 ESC are stored. 

[1 290] ' In the key file KF3. the header, content key data 
KC3 encrypted by usingthe distribution use key data KD^ 
to KD3, usage control policy data IO63, the SAM pro- 
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gram download container SDC3. and signature data 
SIGpgg Esc stored. 

[1291] When receiving the secure container 104a 
shown in Fig. 112. the service provider 310 confirms the 
legitimacy of the signature data SIG200.CP. SIG201.CP. 
S'G202.cp. SIG203.CP. SIG204.CP. and SIG205,cp. that is, 
the legitimacy of the producers and transmitters of the 
content files CF^, CF2, and CF3, and the legitimacy of 
the transmitters of the key files KF^, KF2, and KF3 by 
using the public key data Kcp,p stored in the certificate 
data CERqp after confimning the legitimacy of the relat- 
ed certificate data CERcp by using the public key data 
'^Esc.p of the EMD service center 302. 
[1 292] Also, the content provider 301 conf inns the le- 
gitimacy of the signature data SIG220.ESC. SIG22i,esc. 
and SIG222,ESC the legitimacy of the producers of 
the key files KF^, KFg, and KF3 by using the public key 
data Kesc.p- 

[1 293] Then , the service provider 3 1 0 produces price 
tag data 31 2^ , 31 22. and 31 23 indicating the sales prices 
of the content files CF^ , CF2, and CF3, 
[1294] Also, the service provider 310 produces the 
signature data SIG220.SP, SIG22i,sp. and SIG222SP of 
the price tag data 312^, 3122, and 3123 by using the 
secret key data Kgpg. 

[1295] Also, the service provider 310 produces the 
signature data SIG2,o.sP. ^^G,2^^,SP^ SIG212.SP. 
^'*^2i3,sp. SIG214 SP, and SIG215 SP of the content files 
CF^, CF2, and CF3 and KF^, KF2,'and KF3 by using the 
secret key data K^pg. 

[1296] Next, the service provider 310 produces the 
secure container 304a shown in Fig. 114. 
[1 297] The service provider 31 0 distributes the secure 
container 304a shown in Fig. 114 to the user home net- 
work 303. 

[1298] In the user home network 303, in the SAMs 
305^ to 3064, after confimning the legitimacy of all sig- 
nature data stored in the secure container 304a. the 
rights for the content data , Cg and C3 are cleared in 
accordance with the link state shown in the directory 
structure data DSD^ to DSD3 based on the key files KF. 
KF2, and KF3. 

[1299] Also, in the eighth modification mentioned 
above, in the secure container 304, the case where the 
plurality of content files CF^qi . CF^oa. and GF103 provid- 
ed from the single service provider 31 0 were stored in 
the single secure container 304a and distributed to the 
user home network 303 was exemplified, but as shown 
in Fig. 98, it is also possible to store a plurality of content 
files CF provided from a plurality of content providers 
301 a and 301 b in a single secure container and distrib- 
ute the same to the user home network 303. 
[1300] Also, in the secure containers 1 04 and 304, for 
example, as shown in Fig. 113, it is also possible if a 
content file CF^ storing music (voice) data compressed 
by the ATR ACS, a content file CF2 storing video clip data 
compressed by the MPEG2. a content file CF3 storing 
the jacket (still image) data compressed by the JPEG, 



a content file CF^ storing the lyrics data in a text format, 
and a content file CF5 storing the liner note data in a text 
fomiat and key files KF^, KF2, KF3. KF4 and KF5 corre- 
sponding to them are stored. 
5 [1301] Also in this case, similarly, by the directory 
structure data of the content files CF^ to CF5. the linkage 
among the content files CF^ to CF5 and the linkage be- 
tween the content files CF^ to CF5 and the key files KF^ 
to KF5 are established, 
10 [1 302] Note that, the concept of the data format in the 
case where a plurality of content data are stored in the 
secure container in the present embodiment (case of 
composite type) is shown in for example Fig. 11 5 or Fig 
116. 

15 [1 303] Note that, the format shown in Fig. Ill can be 
similarly applied to also the case where the secure con- 
tainer 104 is transmitted from the content provider 101 
to the user home network 1 03 shown in Fig. 1 . 

Ninth modification of second embodiment 

[1 304] In the above embodiment, the case where the 
content files CF and the key files KF were stored in the 
secure containers 104 and 304 with the directory struc- 
25 tures and transmitted from the content provider 301 to 
the service provider 310 and from the service provider 
31 0 to the SAMs 305-, to 3064 was exemplified, but it is 
aiso possible to separately transmit the content files CF 
and key files KF from the content provider 301 to the 
30 service provider 310 and from the service provider 310 
to the SAMs 305i to 3064. 

[1305] This includes for example the following first 
technique and second technique. 
[1306] In the first technique, as shown in Fig. 117, the 
35 content files CF and the key files KF are separately 
transmitted from the content provider 301 to the service 
provider 310 and from the service provider 310 to the 
SAMs 305^ to 3054. 

[1307] Also, inthesecondtechnique, asshownin Fig. 
40 1 1 8, the content files CF are transmitted from the con- 
tent provider 301 to the service provider 31 0 and from 
the service provider 310 to the SAMs 305^ to 3064, and 
the key files KF are transmitted from the EMD service 
center 302 to the SAMs 305^ to 3064. The related key 
45 files KF are transmitted from the EMD service center 
302 to the SAMs 305^ to 3064 when for example the 
users of the SAMs 305^ to 3064 are going to determine 
the purchase form of the content data C. 
[1308] Where the first technique and the second tech- 
no nique are employed, for example, a link is established 
between related content files CF and between the con- 
tent files CF and the key files KF corresponding to them 
by using the hyper link data HL stored in the headers of 
at least one of the content files CF and the key files KF. 
55 In the SAMs 1 0S^ to 1 064, the rights are cleared and the 
content data C is used based on the related link. 
[1309] Also, in the above second embodiment, the 
case where the content data C and the key data such 
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as the content key data Kc and the usage control policy 
data 1 06 were transmitted from the content provider 301 
totheserviceproviderSIO and from theservice provider 
31 0 to the SAMs 305^ to 3064 in the file fomnat was ex- 
emplified, but it is not always necessary to comprise 
them in the file fomnat so far as the link among them can 
be established. 

[1310] For example, as shown in Fig. 119, it is also 
possible to separately transmit the content data C, meta 
data Meta, AA/ expansion use software Soft, watennark 
module WM, key file KF, price tag data 31 2, and the cer- 
tificate data CERcp and CERgp from the content pro- 
vider 301 and the EMD service center 302 to the SAMs 
305i to 3064. 

[1311] in this case, as shown in Fig. 119, the content 
data C, meta data Meta, AA/ expansion use software 
Soft, watermark module WM , key file KF, price tag data 
312, and certificate data CERcp and CERsr are linked 
by the hyper link data HL. 

[1312] Here, the hyper link data HL is encrypted by 
for example the distribution use key data KD^ to KDg 
and transmitted. 

[1313] Note that, in the present modification, as the 
formats of the content files CF and the key files KF, for 
example those shown in Figs. 5A and 5B are employed. 
Also, in this case, preferably the signature data SIGg^cp 
and SIG7 CP of them are transmitted together with the 
content files CF and the key files KF 

1 Qth modification of second embodiment 

[1314] In the above embodiment, the case where the 
content files CF and the key files KF were separately 
provided in the secure container 104 was exemplified, 
but for example, as shown in Fig. 120, it is also possible 
to store the key files KF in the content files CF in the 
secure containers 104 and 304. 
[1315] In this case, with respect to the content files 
CF storing the key files KF, the signature data by the 
secret key data Kqps of the content provider 301 and 
the signature by the secret key data Kgp^s of sen/ice 
provider 31 0 are attached. 

11th modification of second embodiment 

[1316] In the above embodiment, the case where the 
content data C was stored in the content files CF, the 
content key data Kc and the usage control policy data 
1 06 were stored in the key files KF, and they were trans- 
mitted from the content provider 301 to the service pro- 
vider 31 0 and from the service provider 31 0 to the SAM 
305^ etc. was exemplified, but it is also possible to trans- 
mit at least one among the content data C, content key 
data Kc, and usage control policy data 1 06 from the con- 
tent provider 301 to the service provider 310 and from 
the service provider 31 0 to the SAMs 305^ etc. in a for- 
mat not depending upon the communication protocol 
without employing the file format. 



[1 317] For example, as shown in Fig. 1 21 , in the con- 
tent provider 301 , the secure container 1 04s storing the 
content data C encrypted by the content key data Kc 
and the key file KF containing the encrypted content key 

5 data Kc and the encrypted usage control policy data 1 06 
etc. is produced, and the secure container 1 04s is trans- 
mitted to the service provider 310 in a format not de- 
pending upon the communication protocol. Then, in the 
service provider 310, it is also possible if the price tag 

10 data 312 is added to the content data C and the key file 
KF stored in the secure container 104s to produce the 
secure container 304s, and the secure container 304s 
is transmitted to the SAM 305^ etc. in a fonrrat not de- 
pending upon the communication protocol. 

15 [1 318] Also, as shown in Fig. 1 22, the content data C 
encrypted by the content key data Kc and the key file 
KF containing the encrypted content key data Kc and 
the encrypted usage control policy data 106 etc. are 
separately transmitted from the content provider 301 to 

20 the service provider 31 0 in a format not depending upon 
the communication protocol. Then, from the service pro- 
vider 31 0 to the SAM 305^ etc., the content data C, key 
file KF, and the price tag data 312 are separately trans- 
mitted in a format not depending upon the communica- 

25 tion protocol. Namely, the content data C is not com- 
prised in the file format and is transmitted by the identical 
route to that for the key file KF. 

[1 319] Also, as shown in Fig. 1 23, the content data C 
encrypted by the content key data Kc is transmitted from 

30 the content provider 301 to the service provider 31 0 in 
a format not depending upon the communication proto- 
col, while the content data C and the price tag data 312 
are transmitted from the service provider 31 0 to the SAM 
305^ etc. in a fomnat not depending upon the communi- 

35 cation protocol. Also, it is also possible if the key file KF 
containing the encrypted content key data Kc and the 
encrypted usage control policy data 1 06 etc. is transmit- 
ted from the EMD service center 302 to the SAM 305^ 
etc. Namely the content data C is not comprised in the 

40 file format and Is transmitted by a different route from 
that for the key file KF. 

[1 320] Also, as shown in Fig. 1 24, the content data C 
encrypted by the content key data Kc, the content key 
data Kc, and the usage control policy data 1 06 are trans- 

45 mitted from the content provider 301 to the service pro- 
vider 310 in a format not depending upon the commu- 
nication protocol. Also, the content data C, content key 
data Kc, usage control policy data 1 06, and the price tag 
data 31 2 are transmitted from the service provider 310 

50 to the SAM 305i etc. Namely, the content data C, con- 
tent key data Kc, usage control policy data 1 06, and the 
price tag data 312 are transmitted not in the file fomnat 
and by the same route. 

[1321] Also, as shown in Fig. 125, the content data C 
55 encrypted by the content key data Kc is transmitted from 
the content provider 301 to the service provider 31 0 in 
a format not depending upon the communication proto- 
col. Then, the content data C and the price tag data 312 
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are transmitted from the sen/ice provider 3 1 0 to the SAM 
305-, etc. in a format not depending upon the communi- 
cation protocol. Also, the content key data Kc and the 
usage control policy data 106 are transmitted from the 
EMD service center 302 to the SAM 305^ etc. Namely, 
the content data C, content key data Kc, and the usage 
control policy data 1 06 are transmitted not in the file for- 
mat and by different routes. 

12th modification of second embodiment 

[1322] In the EMD system 300 shown in Fig. 59 men- 
tioned above, for example, as shown in Fig. 126. the 
user home network 303 can distribute a secure contain- 
er 304A in accordance with the secure container 304 
received from the service provider 31 0 to the user home 
network 303a in response to a request S303a from a 
SAM of the user home network 303a too. 
[1 323] I n this case, It can be considered that the SAM 
of the user home network 303 functions in the same way 
as the service provider310 explained in the second em- 
bodiment. 

[1324] In this case, the SAM of the user home network 
303a can uniquely newly set the price tag data 312. 
[1325] Then, the purchase fomn of the content data C 
is detemnined in the SAM of the user home network 
303a, and the usage log data 304a etc. in accordance 
with that are transmitted from the SAM of the user home 
network 303a to the EMD sen/ice center 302. 
[1326] In the EMD service center 302, based on the 
usage log data 304a, the settlement processing for dis- 
tributing the money paid by the user of the user home 
network 303a to the user of the content provider 301 , 
service provider 31 0, and user home network 303 is car- 
ried out. 

[1327] Note that, the file inclusion size relationships 
of the secure containers in the present embodiment can 
be expressed as shown in Fig. 127. 



Third embodiment 

[1328] Figure 128 is a view for explaining the EMD 
system of a third embodiment of the present invention, 
while Fig. 129 is a functional block diagram of the EMD 
service center shown in Fig. 128. 
[1 329] In Fig. 1 29, components given the same refer- 
ence numerals as those used in the above first embod- 
iment and second embodiment are the same as the 
components having the same reference numerals ex- 
plained in these embodiments. 

[1 330] In the EMD system of the present embodiment, 
the content provider 301 sends the master source (con- 
tent data) S1 1 1 etc. to the EMD service center 302, and 
for example the content file CF shown in Fig. 5A is pro- 
duced in the EMD service center 302. 
[1331] Also, the content provider 301 sends the con- 
tent ID. content key data Kc. and the electronic water- 
mark management infomnation (contents of the elec- 



tronic watemiark infonnation buried in the content data) 
of the content data S1 1 1 , the identifier C P_ID of the con- 
tent provider 301 . the identifier SP_I D of the service pro- 
vider 31 0. and the suggested retailer's price SRP of the 
5 content data to the EMD service center 302. and the key 
file KF shown in Fig. 5B is produced in the EMD service 
center 302. 

[1332] Also, the EMD service center 302 stores the 
produced content file CF in the CF database 802a, at- 

10 taches global unique content IDs to the individual con- 
tent files CF, and centrally manages them. Also, the 
EMD service center 302 stores the key file KF in the KF 
database 1 53a and centrally manages also this by using 
the content ID. 

^5 [1 333] An explanation will be made of the processing 
in the EMD service center 302 by refen-ing to Fig. 129. 
[1334] The EMD service center 302 stores the master 
source Sill received from the content provider 301 in the 
content master source database 801 . 

^0 [1335] Next, in the electronic watennark information 
addition unit 112, the electronic watermark Infonnation 
indicated by the electronic watermark management in- 
formation received from the content provider301 is bur- 
ied in the master source S111 read out from the content 
25 master source database B1 0 to produce the content da- 
ta S1 12. 

[1336] Next, in the compression unit 113. the content 
data S112 is compressed to produce the content data 
S113. 

30 [1337] The content data S1 12 is expanded at the ex- 
pansion unit 1 16 and then checked audially in the audlal 
check unit 123. If necessary, the electronic watermark 
Infonnation is buried again by the electronic watermark 
infonnation addition unit 112. 

35 [1 338] Next, in the encryption unit 1 1 4, the content da- 
ta S1 13 is encrypted by using the content key data Kc 
to produce the content data S1 14. 
[1339] Next, in the CF preparation unit 802, the con- 
tent file pF shown in Fig. 5A storing the content data 

40 S1 1 4 etc. is produced, and the content file CF is stored 
in a CF database 802a. 

[1340] Also, in the EMD service center 302, in the KF 
preparation unit 153, the key file KF shown in Fig. 5B is 
produced, and the key file KF is stored in a KF database 
45 153a. 

[1341] Next, in the secure container preparation unit 
804, a secure container 806 storing the content file CF 
read out from the CF database 802a and the key file KF 
read out from the KF database 153a is produced, and 
50 the secure container 806 is stored in the secure contain- 
er database 805. 

[1342] Thereafter, the secure container database 805 
is accessed by the service provider 31 0, and the secure 
container 806 is supplied to the service provider 31 0. 
55 [1343] Next, the service provider 310 produces a se- 
cure container 807 storing the content file CF and key 
file KF stored In the secure container 806 and the price 
tag data 312 indicating the sales price of the content 
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data. 

[1344] Then, the service provider 31 0 distributes the 
secure container 807 to the user honne network 303 by 
using the predetermined communication protocol and in 
a format not depending upon the related communication 
protocol or by storing the same in a storage medium. 
[1345] In the user home network 303, in the case of 
on-line, the secure container 807 is provided to the SAM 
305^ etc. via the CA module 311 , in the SAM 305^ etc., 
the content key data Kc, usage control policy data 106, 
etc. stored in the key file KF are decrypted by using the 
distribution use key data KD^ to KDg orthe like, and the 
handling such as the purchase form of the content data 
stored in the content file CF is determined based on the 
decrypted usage control policy data 106. 
[1346] Also, in the SAM 305^ etc., the usage log data 
308 indicating the purchase log etc. of the content data 
is produced, and the usage log data 308 is transmitted 
to the EMD service center 302. 

[1 347] Also, where the secure container 807 is distrib- 
uted from the SAM 3052 °f ^^^^ home network 303 
to the SAM 305^2 ^^^^ home network 303a, 

processing similar to that in the SAM SOSg is carried out 
in the SAM 305^2' usage log data 308 is trans- 

mitted from the SAM 305^2 t*^® EMD service center 
302. 

[1348] Note that, the processings with respect to the 
secure container 807 in the user home networks 303 
and 303a are the same as the processings in the user 
home networks 1 03 and 303 in the first embodiment and 
second embodiment mentioned above. 
[1349] Also, in the example shown in Fig. 128, the 
case where the secure container storing the content file 
CF and the key file KF was transmitted from the EMD 
service center 302 to the service provider 31 0 and from 
the service provider 31 0 to the user home network 303 
(the case of in-band) was exemplified, but it is also pos- 
sible to separately- transmit the content file CF and the 
key file KF by the same route (the case of out-of-band). 
[1350] Also, as shown in Fig. 130, it is also possible 
if the content file CF produced in the EMD service center 
302 is supplied to the service provider 31 0, the service 
provider 310 supplies the content file CF to the user 
home network 303 and, at the same time, the key file 
KF produced in the EMD service center 302 is supplied 
from the EMD service center 302 to the SAM SOSg and 
SAM 305.,2 of the user home networks 303 and 303a. 

Fourth embodiment 

[1351] Figure 131 is a view for explaining the EMD 
system of a fourth embodiment of the present Invention. 
[1 352] I n the EMD system of the present embodiment, 
the content provider 301 produces for example the con- 
tent file CF shown in Fig. 5A and sends this to the EMD 
service center 302. 

[1353] Also, the content provider 301 sends the con- 
tent ID of the content data, content key data Kc, elec- 
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tronic watemnark management information (contents of 
the electronic watermark information to be buried in the 
content data and the burial position information), iden- 
tifier CP_ID of the content provider 301 , identifier SP_ID 
5 of the service provider 310 providing the content data, 
and the suggested retailer's price SRP of the content 
data to the EMD service center 302, and the key file KF 
shown in Fig. SB is produced in the EMD service center 
302. 

[1354] Also, the EMD service center 302 stores the 
contentfile CF in the database 802a, attaches the global 
unique content IDs to individual content files CF, and 
centrally manages them. Also, the EMD service center 
302 stores the produced key file KF in the KF database 
153a and centrally manages it by using the content ID. 
[1355] Also, in the EMD service center 302, the se- 
cure container 806 storing the content file CF read out 
from the CF database 802a and the key file KF read out 
from the KF database 1 53a is produced, and the secure 
container 806 is stored in the secure container data- 
base. 

[1356] Thereafter, the secure container database is 
accessed by the service provider 31 0 and the secure 
container 806 is supplied to the service provider 31 0. 
[1 357] Next, the service provider 310 produces a se- 
cure container 807 storing the content file CF and key 
file KF stored in the secure container 806 and the price 
tag data 312 indicating the sales price of the content 
data. 

[1358] Then, the service provider 310 distributes the 
secure container 807 to the user home network 303 by 
using a predetermined communication protocol in a for- 
mat not depending upon the related communication pro- 
tocol or by storing the same in a storage medium. 
[1359] In the user home network 303, in the case of 
on-line, the secure container 807 is provided to the SAM 
305^ etc. via the CA module 311, in the SAM 305^ etc., 
the content key data Kc and usage control policy data 
106 etc. stored in the key file KF are decrypted by using 
the distribution use key data KD^ to KD3, and the han- 
dling such as the purchase form of the content data 
stored in the content file CF is determined based on the 
decrypted usage control policy data 106. 
[1360] Also, in the SAM 305^ etc., the usage iog data 
308 indicating the purchase log etc. of the content data 
is produced, and the usage log data 308 is transmitted 
to the EMD service center 302. 

[1361] Also, where the securecontainer807 is distrib- 
uted from the SAM SOSg of the user home network 303 
to the SAM 305^2 of ^^^^ home network 303a, 
processing similar to that of the SAM 3052 is carried out 
in the SAM 305-,2, and the usage log data 308 is trans- 
mitted from the SAM 305^2 to the EMD service center 
302. 

[1362] Note that, the processings with respect to the 
secure container 807 in the user home networks 303 
and 303a are the same as the processings in the user 
home networks 1 03 and 303 in the first embodiment and 
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second embodiment mentioned above, 
[1363] Also, in tlie example shown in Fig. 131, the 
case where the secure container storing the content file 
CF and the key file KF was transmitted from the EMD 
service center 302 to the service provider 31 0 and from 
the service provider 31 0 to the user home network 303 
(the case of in-band) was exemplified, but it is also pos- 
sible to separately transmit the content file CF and the 
key file KF by the same route (the case of out-of-band). 
[1364] Also, as shown in Fig. 132, it is also possible 
if the content file CF is supplied from the EMD service 
center 302 to the service provider 31 0. the service pro- 
vider 310 supplies the content file CF to the user home 
network 303 and, at the same time, the key file KF pro- 
duced in the EMD service center 302 is supplied from 
the EMD service center 302 to the SAM SOSg and 
SAM305i2 iJser home networks 303 and 303a. 

Fifth embodiment 

[1365] Figure 133 is a view for explaining the EMD 
system of a fifth embodiment of the present invention. 
[1366] Inthe EMD system ofthe present embodiment, 
the content provider 301 produces for example the con- 
tent file CF shown in Fig. 5A. 

[1367] Also, the content provider 301 sends the con- 
tent ID of the content data, content key data Kc, elec- 
tronic watennark management information (contents of 
the electronic watermark Infomiatton to be buried in the 
content data and the burial position information), iden- 
tifier CP_ID of the content provider 301 , identifier SP_ID 
of the service provider 310 providing the content data, 
and the suggested retailer's price SRP of the content 
data to the EMD service center 302. and the key file KF 
shown in Fig. 5B is produced in the EMD service center 
302. 

[1368] The EMD service center 302 sends the pro- 
duced key files KF to the content provider 301 . 
[1369] Also, the EMD service center 302 stores the 
key files KF in the KF database 1 53a and centrally man- 
ages the key files KF by using the content ID allocated 
to individual content data. At this time, the content ID is 
produced by for example the EMD service center 302 
and globally uniquely determined for all of the content 
data provided by a plurality of content providers 301 . 
[1370] Next, in the content provider 301, a secure 
container 821 storing the produced content files CF and 
the key files KF received from the EMD service center 
302 is produced, and the secure container 821 is stored 
in a common database 820. 

[1371] In the common database 820, secure contain- 
ers 821 provided by a plurality of content providers 301 
are centrally managed by using the content ID. 
[1372] The service provider 310 browses (searches 
through) the common database 820 by using for exam- 
ple the content ID, receives the intended secure con- 
tainer 821 from the common database 820, produces a 
secure container 822 obtained by further storing the 



price tag data 312 indicating the sales price of the con- 
tent etc. in the secure container 821 , and distributes the 
secure container 822 to the user home network 303. 
[1 373] In the user home networi< 303, the secure con- 

5 tainer 822 is provided to the SAM 305., etc. via the CA 
module 311 in the case of on-line, in the SAM 305^ etc., 
the content key data Kc and the usage control policy 
data 106 etc. stored in the key files KF are decrypted by 
using the distribution use key data KD^ to KD3 or the 

^0 like, and the handling such as the purchase fomn of the 
content data stored in the content files CF is detemnined 
based on the decrypted usage control policy data 106. 
[1374] Also, in the SAM 305^ , etc., the usage log data 
308 indicating the purchase log etc. ofthe content data 

15 is produced, and the usage log data 308 is transmitted 
to the EMD service center 302. 

[1375] Also, where thesecurecontainer822 is distrib- 
uted from the SAM SOSg of the user home network 303 
to the SAM 305^2 °^ the user home network 303a, 
20 processing similar to that in the SAM 3052 candied out 
in the SAM 305i2, the usage log data 308 is trans- 
mitted from the SAM 305^2 to the EMD service center 
302. 

[1 376] Note that, the processings with respect to the 
25 secure container 807 in the user home networks 303 
and 303a are the same as the processings in the user 
home networks 103 and 303 in the above first embodi- 
ment and the second embodiment. 
[1377] Also, in the example shown in Fig. 133, the 
30 case where the secure containers storing the content 
files CF and the key files KF were sent from the content 
provider 301 to the common database 820, from the 
common database 820 to the service provider 31 0, and 
from the service provider 31 0 to the user home network 
35 303 (the case of in-band) was exemplified, but it is also 
possible to separately transmit the content files CF and 
the key files KF by the same route (the case of out-of- 
band). 

[1378] Also, as shown in Fig. 134, it is also possible 
40 If the content files CF are stored in the common data- 
base 820 from the content providers 301 , the service 
provider 310 obtains the content files CF from the com- 
mon database 820 and, at the same time, the key files 
KF are sent from the EM D service center 302 to the serv- 
es ice provider 310. In this case, the service provider 310 
produces the secure container 822 by storing the con- 
tent files CF obtained from the common database 820, 
the key files KF obtained from the EMD service center 
302, and the price tag data 312. 
50 [1379] The common database 820 centrally manages 
the content files CF by using the content IDs globally 
uniquely attached to the content data provided by a plu- 
rality of content providers 301 . 

[1380] Also, as shown in Fig. 135, it is also possible 
55 if the key files KF produced by the EMD service center 
302 are sent to the SAMs 305-,, 305^2. ^tc. of the user 
home networks 303 and 303a. In this case, the service 
provider 310 distributes the content files CF to the user 
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home network 303. 

[1381] The price tag data 312 may be distributed to 
the user home network 303 by the service provider 31 0 
too or may be distributed to the user home networks 303 
and 303a by the EMD service center 302 too. 

Sixth embodiment 

[1382] Figure 136 is a view for explaining the EMD 
system of a sixth embodiment of the present invention. 
[1 383] When compared with the EMD system shown 
in Fig. 133 mentioned above, the EMD system of the 
present embodiment is different in the characteristic fea- 
tures that a plurality of EMD service centers 302 are pro- 
vided and that the content provider 301 performs the 
charge processing etc. with the corresponding EMD 
service; centers 302, but is substantially the same in 
points other than that. 

[1384] The content provider 301 produces for exam- 
ple the content file CF shown in Fig. 5A. 
[1385] Also, the content provider 301 sends the con- 
tent ID of the content data, content key data Kc, elec- 
tronic watermark management infonnation (contents of 
the electronic watermark infonnation to be buried in the 
content data and the burial position information), iden- 
tifier CPJD of the content provider 301 , identifier SPJD 
of the service provider 310 providing the content data, 
and the suggested retailer's price SRP of the content 
data to one EMD service center 302 selected by itself 
(or detennined in advance) among a plurality of EMD 
service centers 302, and the key file KF shown in Fig. 
5B is produced in the EMD service center 302. 
[1386] Also, the EMD service center 302 sends the 
produced key files KF to the corresponding content pro- 
vider 301. 

[1387] Also, the EMD service center 302 stores the 
key files KF in the KF database 1 53a and centrally man- 
ages the key files KF by using the content IDs allocated 
to individual content data. At this time, the content IDs 
are produced by for example the EMD service center 
302 and globally uniquely detemninedforthe content da- 
ta corresponding to all secure containers 831 stored in 
the common database 830. 

[1388] Next, in the content provider 301, a secure 
container 831 storing the produced content files CF and 
the key files KF received from the EMD service center 
302 is produced, and the secure container 831 is stored 
in a common database 820. 

[1389] In the common database 830, secure contain- 
ers 831 provided by a plurality of content providers 301 
are centrally managed by using the content IDs. 
[1390] The service provider 310 browses (searches 
through) the common database 820 by using for exam- 
ple the content ID, receives the intended secure con- 
tainer 831 from the common database 820, produces a 
secure container 832 obtained by further storing for ex- 
ample the price tag data 312 indicating the sales price 
of the content in the secure container 831 , and distrib- 
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utes the secure container 832 to the user home network 
303. 

[1 391] In the user home network 303, the secure con- 
tainer 832 is provided to the SAM 305^ etc. via the CA 

5 module 311 in the case of on-line, in the SAM 305^ etc., 
the content key data Kc and the usage control policy 
data 1 06 etc. stored in the key files KF are decrypted by 
using the distribution use key data KD-, to KD3 or the 
like, and the handling such as the purchase fomn of the 

10 content data stored in the content files CF is determined 
based on the decrypted usage control policy data 1 06. 
[1392] Also, in the SAM 305^ etc., the usage log data 
308 indicating the purchase log etc. of the content data 
is produced, and the usage log data 308 is transmitted 

15 to the EMD service center 302. 

[1393] Also, where the securecontainer 822 is distrib- 
uted from the SAM 3052 of the user home network 303 
to the SAM 305^2 of the user home network 303a, 
processing similar to that in the SAM 3052 is carried out 

20 in the SAM SOS^s, and the usage log data 308 is trans- 
mitted from the SAM 305i2 to the EMD service center 
302. 

[1394] Note that, the processings with respect to the 
secure container 807 in the user home networks 303 

25 and 303a are the same as the processings in the user 
home networks 103 and 303 in the above first embodi- 
ment and the second embodiment. 
[1395] Also, in the example shown in Fig. 136, the 
case where the secure containers storing the content 

30 files CF and the key files KF were sent from the content 
provider 301 to the common database 830, from the 
common database 830 to the service provider 31 0, and 
from the service provider 31 0 to the user home network 
303 (the case of in-band) was exemplified, but it is also 

35 possible to separately transmit the content files CF and 
the key files KF by the same route (the case of out-of- 
band). 

[1396] Also, as shown in Fig. 137, it is also possible 
if the content files CF are stored in the common data- 

40 base 830 from the content providers 301 , the service 
provider 31 0 obtains the content files CF from the com- 
mon database 830 and, at the same time, the key files 
KF are sent from the EMD sen/ice center 302 to the serv- 
ice provider 31 0. At this time, the key file KF is sent to 

45 the content provider 301 from the EMD service center 
302 con-esponding to the content provider 301 produced 
the content file CF obtained by the service provider 31 0. 
[1 397] The service provider 31 0 stores the content file 
CF obtained from the common database 830, the key 

50 file KF obtained from the EMD service center 302, and 
the price tag data 312 to produce the secure container 
832. 

[1 398] The common database 830 centrally manages 
the content files CF by using the content IDs globally 
55 uniquely attached to the content data provided by a plu- 
rality of content providers 301 . 

[1399] Also, as shown in Fig. 138, it is also possible 
if the key files KF produced by the EMD service center 
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302 are sent to the SAMs 305^, 305^2. ^^c. of the user 
home networks 303 and 303a. Also at this time, the key 
files KF are sent to the SAMs 305i, 305i2. etc. from the 
EMD service center 302 corresponding to the content 
providers 301 preparing the content files CF provided to s 
the SAM 305i. 305^2. etc. 

[1400] Also, the service provider 310 distributes the 
content files CF to the user home network 303. The price 
tag data 312 may be distributed by the service provider 
310 to the user home networi< 303 too or may be dis- io 
tributed by the EMD service center 302 to the user home 
networks 303 and 303a. 



Seventh embodiment 



15 



[1401] Figure 139 is a view for explaining the EMD 
system of a seventh embodiment of the present inven- 
tion. 

[1402] The EMD system of the present embodiment 
is different when compared with the EMD system shown 20 
in Fig. 1 36 mentioned above in the point that the master 
source S1 1 1 of the content data is sent from the content 
provider301 to the EMD sen/ice center 302 and the con- 
tent file CF is produced in the EMD service center 302. 
The points other than that are substantially the same. 25 
[1403] The content provider 301 sends the master 
source S111 of the content data to one EMD service 
center 302 selected by itself (or detemnined in advance) 
among a plurality of EMD service centers 302, and the 
content file CF shown in Fig. 5A is produced in the EMD 3o 
service center 302. 

[1404] The EMD service center 302 sends the pro- 
duced content file CF to the con-espondlng content pro- 
vider 301. 

[1405] Also, the content provider 301 sends the con- 35 
tent ID of the content data, content key data Kc. elec- 
tronic watermark management infonnation (contents of 
the electronic watemnark information buried in the con- 
tent data), identifier CP_ID of the content provider 301 , 
identifier SPJDofthe service providerSIO providing the 40 
content data, and the suggested retailer's price data 
SRP of the content data to the above one corresponding 
EMD service center 302, and the key file KF shown in 
Fig. 5B is produced in the EMD service center 302. 
[1406] The EMD service center 302 sends the pro- 45 
duced key file KFto the corresponding content provider 
301. 

[1407] Also, the EMD service center 302 stores the 
content files CF in the CF database 802a, stores the key 
files KF in the KF database 1 53a, and centrally manages 50 
the content files CF and the key files KF by using the 
content IDs allocated to the individual content data. At 
this time, the content IDs are produced by for example 
the EMD service center 302 and globally uniquely de- 
tennined for the content data corresponding to all se- 55 
cure containers 831 stored in the common database 
840. 

[1408] Next, in the content provider 301. a secure 



container 841 storing the content file CF and the key file 
KF received from the corresponding EMD service center 
302 is produced, and the secure container 841 is stored 
in the common database 840, 

[1 409] In the common database 840, secure contain- 
ers 841 provided by a plurality of content providers 301 
are centrally managed by using the content ID. 
[1410] The service provider 31 0 browses (searches 
through) the common database 840 by using for exam- 
ple the content ID, receives the intended secure con- 
tainer 841 from the common database 840. produces a 
secure container 842 obtained by further storing for ex- 
ample the price tag data 312 indicating the sales price 
of the content in the secure container 841 , and distrib- 
utes the secure container 842 to the user home networi< 
303. 

[1411] In the user home networi< 303, the secure con- 
tainer 842 is provided to the SAM 305^ etc. via the CA 
module 311 in the case of on-line. intheSAM305^ etc., 
the content key data Kc and the usage control policy 
data 1 06 etc. stored in the key files KF are decrypted by 
using the distribution use key data KD^ to KD3 or the 
like, and the handling such as the purchase forni of the 
content data stored In the content files CF is detennined 
based on the decrypted usage control policy data 1 06. 
[1412] Also, in the SAM 305^ etc., the usage log data 
308 indicating the purchase log etc. of the content data 
is produced, and the usage log data 308 is transmitted 
to the EMD service center 302. 

[1 41 3] Also, where the secure container 822 is distrib- 
uted from the SAM 3052 of the user home network 303 
to the SAM 305^2 of the user home networi< 303a. 
processing similar to that in the SAM 3052 is earned out 
in the SAM 305^2' and the usage log data 308 is trans- 
mitted from the SAM 305^2 to the EMD service center 
302. 

[1 414] Note that, the processings with respect to the 
secure container 807 in the user home networks 303 
and 303a are the same as the processings in the user 
home networks 1 03 and 303 in the above first embodi- 
ment and the second embodiment. 
[1415] Also, in the example shown in Fig. 139, the 
case where the secure containers storing the content 
files CF and the key files KF were sent from the content 
provider 301 to the common database 840, from the 
common database 840 to the service provider 310, and 
from the service provider 31 0 to the user home network 
303 (the case of in-band) was exemplified, but rt is also 
possible to separately transmit the content files CF and 
the key files KF by the same route (the case of out-of- 
band). 

[1416] Also, as shown in Fig. 140, it is also possible 
if the content files CF are stored in the common data- 
base 830 from the content providers 301 , the service 
provider 31 0 obtains the content files CF from the com- 
mon database 840 and, at the same time, the key files 
KF are sent from the EMD service center 302 to the serv- 
ice provider 31 0. At this time, the key files KF are sent 



98 



195 



EP 1 132 828 A1 



196 



to the content provider 301 from the EMD service center 
302 corresponding to the content providers 301 prepar- 
ing the content files CF obtained by the service provider 
310. . 

[1 41 7] The service provider 31 0 stores the content file 
CF obtained from the common database 840, the key 
file KF obtained from the EMD service center 302, and 
the price tag data 312 to produce the secure container 
842. 

[1418] The common database 830 centrally manages 
the content files CF by using the content IDs globally 
uniquely attached to the content data provided by a plu- 
rality of content providers 301 . 

[1419] Also, as shown in Fig. 141, it is also possible 
if the key files KF produced by the EMD service center 
302 are sent to the SAMs 305i, 305^2' ^^^^ 
home networks 303 and 303a. Also at this time, the key 
files KF are sent to the SAMs 305^, 305^2' 
EMD service center 302 corresponding to the content 
providers 301 preparing the content files CF provided to 
the SAMs 305^, 305i2, etc. 

[1420] Also, the service provider 310 distributes the 
content files CF to the user home network 303. The price 
tag data 312 may be distributed by the service provider 
310 to the user home network 303 too or may be dis- 
tributed by the EMD service center 302 to the user home 
networks 303 and 303a. 

Eighth embodiment 

[1421] Figure 142 is a view for explaining the EMD 
system of an eighth embodiment of the present inven- 
tion. 

[1422] In the EMD system of the present embodiment, 
for example, the content file OF shown in Fig. 5A pro- 
duced by the EMD service center 302 by using the mas- 
ter source provided from the content provider 301 to the 
EMD service center 302 or the content file CF shown in 
Fig. 5A produced by the content provider 301 and pro- 
vided to the EMD service center 302 and the key file KF 
shown in Fig. SB produced by the EMD service center 

302 are distributed by the EMD service center 302 via 
the service provider 310 or directly to the SAM 305^ of 
the user home network 303. 

[1423] Here^ the service provider 31 0 sends the price 
tag data 31 2 indicating the sales price of the content file 
CF to the user home network 303 and, at the same time, 
registers and authenticates the price tag data 31 2 in the 
EMD service center 302. 

[1424] Also, the service provider 310 registers itself 
in the EMD service center 302 as the distribution busi- 
ness. 

[1425] In the EMD system of the present embodiment, 
for example, the SAM 305-, of the user home network 

303 becomes the distribution business for distributing 
the content files CF and key files KF obtained from the 
service provider 310 or the EMD service center 302 to 
the SAM 3052 the user home network303 and/or SAM 
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305i2 etc. in the user home network 303a. 
[1 426] Note, in this case, for example, the EMD serv- 
ice center 302 prohibits selling (redistributing) the pur- 
chased content data C while adding a certain sales mar- 

5 gin to obtain a profit after the SAM 305^ purchases the 
content data C stored in the content file CR 
[1 427] In the EMD system of the present embodiment, 
it is permitted to the SAM 305^ to copy the content data 
C to another SAM under the condition that content data 

10 for which the purchase fomn is not determined or content 
data C for which reproduction charge is determined as 
the purchase form is redistributed without a sale profit 
margin. Note that, this will be referred to as inter-appa- 
ratus redistribution. 

15 [1 428] Also, in the EMD system of the present embod- 
iment, inter-apparatus trade in a form without a sale 
profit margin is pemnitted for a content file CF (or secure 
container) distributed from the service provider 310 to 
the SAM 305i. 

20 [1429] Also, in the present embodiment, where the 
SAM 305-1 performs sells (distributes) the content data 
C in a fomn taking a sales profit margin, the SAM 305-, 
registers itself in the EMD service center 302 as distri- 
bution business and receives permission and, at the 

25 same time, registers the price tag data 312 indicating 
the sales price of the content data C in the EMD service 
center 302. Then, it directly receives the content file CF 
and the key file KF from the CF database 802a and the 
KF database 153a in the EMD service center 302 not 

30 via the service provider 310. 

Ninth embodiment 

[1430] Figure 143 is a view for explaining the EMD 
35 system of a ninth embodiment of the present invention. 
[1 431 ] In the EMD system of the present embodiment, 
the characteristic feature resides in that each of the con- 
tent providers 301 functions as an EMD service center 
302 in addition functioning as a content provider. 
40 [1 432] In this case, where there are a plurality of con- 
tent providers, each content provider 301 functions as 
an EMD service center 302. 

[1433] A content provider 301 distributes a secure 
container 851 storing the content file CF and the key file 

45 KF to the service provider 310. 

[1 434] The service provider 31 0 further adds the price 
tag data 312 to the content file CF and the key file KF 
stored by the secure container 851 to produce a secure 
container 852 and distributes this to the user home net- 

50 work 303. 

[1435] In the user home networks 303 and 303a, the 
purchase form etc. of the content file CF are determined 
based on the usage control policy data 1 06 stored in the 
key file KF, the usage log data 308 in accordance with 

55 that is produced, and this is transmitted to the EMD serv- 
ice center 302 in the content provider 301 . 
[1 436] At this time, the usage log data 308 is produced 
for every content provider 301 . 
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[1437] The EMD service center 302 of the content 
provider 301 distributes the profit paid by the users of 
the SAMs 305i and 305^2 wrth the corresponding serv- 
ice provider 310 based on the usage log data 308. 
[1438] Also, the log data concerning the distribution 5 
service is sent from the CA module 31 1 of the user home 
network 303 to the corresponding service provider 31 0, 
whereby the charge processing with respect to the dis- 
tribution service is carried out in the service provider 
310. w 
[1439] The present invention is not limited to the 
above embodiments. 

[1 440] In the above embodiments, the case where au- 
dio data was used as the content data was exemplified, 
but it Is also possible to use video data, audio and/or t5 
video data, text data, and a computer program or the 
like as the content data. 

[1441] Also, in the above embodiments, the case 
where the key files KF were produced in the EMD serv- 
ice centers 102 and 302 was exemplified, but it is also 20 
possible to produce the key files KF in the content pro- 
viders 101 and 301. 

[1442] In this case, the format of the key file KF cor- 
responding to Fig. 7 becomes as shown in Fig. 144, As 
shown in Fig. 144, the related key file KF has basically 25 
the same infomnation as the key file KF shown in Fig. 7 
except that signature data produced by using the secret 
key data K^p s of the content providers 1 01 and 301 are 
used. 

[1443] Also, in the above embodiments, the case 30 
where the usage control status data 166 is transmitted 
from the user home networks 103 and 303 to the EMD 
service centers 102 and 302 in real time was exempli- 
fied, but it is also possible if the usage control status 
data 1 66 is transmitted to the content providers 1 01 and 35 
301 and/or service provider 310. By this, the content 
providers 101 and 301 and the service provider 310 can 
quickly grasp the purchase situation of the contents pro- 
vided and distributed by themselves and can reflect the 
same in their service thereafter. 40 
[1 444] Below, effects by the EMD system of the above 
embodiments will be explained again while mentioning 
the related art and the problems thereof. 
[1445] With the ROM type storage media which had 
been used as the means for distributing digital content 45 
(content data) in the days when digital broadcasts (data 
broadcasts) and the Internet and other digital networks 
were not so developed, the digital content was stored 
and distributed in an unencryped state. In the days when 
the digital network was not so developed, it was enough 50 
to consider methods for preventing casual copying by 
users on the user home network for the protection of the 
copyrights of these contents. 

[1446] In recent days where the digital network has 
been developed, however, since ROM type storage me- 55 
dia carrying unencrypted content can be obtained by 
general citizens anytime and everywhere, any individual 
can purchase one and easily compress and upload the 



data on the network. Particularly, the Internet is a net- 
work connecting the entire world. Therefore, it becomes 
possible to freely upload the unencrypted content on the 
Internet and for people to download it on their own per- 
sonal terminals. Accordingly, there has arisen a possi- 
bility of serious infringement of the copyrights of the 
owners of the content (content providers). 
[1447] Further, it also becomes possible for people 
not to upload the content in the unencrypted state, but 
to bury electronic watermark information of their own in 
that content, encrypt the data, and charge for the data 
on their own and thereby deliberately sell the digital con- 
tent on the Internet behind the scenes without the per- 
mission of the copyright owner. At this time, since a 
share of the sales is not returned to the owner of the 
content, the copyright of the owner of the content (con- 
tent providers) will be seriously infringed. 
[1448] Also, by getting the permission of the copyright 
owner and concluding a contract for returning part of the 
sales to the owner of content (content provider) in ad- 
vance, it becomes possible to offer a distribution service 
capable of generating profit by distributing the digital 
content, but basically the content provider does not fa- 
vor circulation by such a secondary usage of content. 
Rental, secondhand sale, etc. are other types of busi- 
ness by secondary usage of the content. 
[1 449] When a distribution service by secondary us- 
age appears, the problem of infringement of copyrights 
is sure to occur, so a long time is taken for setting up 
the service in the right direction. The distribution service 
ends up being first started without establishing a con- 
tract with the content provider. After the problem of in- 
fringement of copyrights occurs, the distribution of profit 
to the owners and protection of the copyrights start to 
be considered and pennission as the distribution service 
is obtained. The rental CD and the rental video busi- 
nesses correspond to this. The secondhand sale of 
game software etc. is a serious problem. In the second- 
hand sale of game software, part of the profit from the 
sales is not returned to the owners of the content. The 
owners have brought court actions against this, but 
these have been dismissed. This is very hard on the 
owners. Secondhand game software is sold in large vol- 
umes with a price of half or less of new software, there- 
fore the market is very attractive for the users and a large 
influence is exerted upon the sale of new software. 
[1 450] Secondary usage of content means when a us- 
er who purchases a ROM type storage medium on 
which digital content has been already stored by the 
owner of the content using the ROM type storage me- 
dium distributed as a circulating means to obtain a profit 
further circulates the product. The fact that the purchas- 
ing user obtains a profit is not considered desirable from 
the standpoint of the (content provider) owner even if 
part of the profit is returned to it. With movie content etc., 
the owner of the content is protected by law in the form 
of recording rights/distribution rights. When purchasing 
content which an owner circulates in the public, the as- 
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sumption is that it not be circulated f urtlier from the pur- 
chasing user. Groups of owners of game software have 
raised suits at courts to suppress secondary usage busi- 
nesses attempting to apply such distribution right to 
game software as well. 

[1451] Owners of content want to get distributors dis- 
tributing digital content which they hold copyrights to un- 
der their control (they would like to know to whom the 
content is being distributed to). When there is a distrib- 
utor desiring to distribute digital content to which one 
holds a copyright so as to provide a distribution sen/ice 
and make a profit, a system is desirable by which the 
owner of the content can directly supply the digital con- 
tent. 

[1452] Note that the distributor spoken of here desig- 
nates a business that obtains a profit by collecting the 
profit margin of a few percent with respect to the price 
of the digital content. 

[1 453] A case where a profit margin is collected when 
delivering digital content to another apparatus/storage 
medium is defined as a content trade session distribu- 
tion service, while a case where a profit margin is not 
collected is defined as inter-apparatus redistribution. 
The latter is legal under the principle of supra-distribu- 
tion. 

[1454] In the current system for management of dis- 
tribution of digital content over the network where the 
service provider authors the content of its own distribu- 
tion service from a ROM type storage medium storing 
unencrypted content circulated by the content provider 
for a distribution service, when considering the situation 
where one digital content owned by the content provider 
is distributed by a plurality of service providers, irrespec- 
tive of the fact that it is identical content, authoring is 
carried out so thatthe rights are cleared by a OA module/ 
electronic settlement tool employed by each service 
provider Therefore, the formats of the encryption key 
(content key data) to be used and the licensing condi- 
tions of the content (usage control policy data) are dif- 
ferent according to each service provider, so common 
rights clearing rules cannot be provided on the user 
home network. In such a case, by settling up for all of 
the key data used by the CA modules/electronic settle- 
ment tools by the CA modules/electronic settlement 
tools of the network apparatuses and then following the 
SCMS rules, common rights clearing rules can be real- 
ized on the user home network. 

[1 455] Also, even if the content encrypted by the key 
of a CA module/electronic settlement tool and the key 
data are passed through the network apparatus as they 
are and stored on a storage medium of the storage ap- 
paratus via the user home network bus (1EEE1394 or 
the like) and the purchase and settlement processing of 
the content can be performed remotely through the net- 
wori< apparatus from an apparatus connected to the 
1394 bus, since there is a descrambler for decrypting 
the encrypted content in the network apparatus, in the 
end, reproduction cannot be carried out unless the con- 



tent and the key data are returned back to the network 
apparatus at the time of reproduction (network CA). 
[1 456] As explained above, the existence of the ROM 
type storage medium storing unencrypted content, 
5 which has been widely circulated in the worid up to the 
present, is at the root of the problem for current digital 
content network distribution services. This is a system 
where the form of the digital content can be produced 
by a person other than the content provider and where 
10 a person selling the content to a user can obtain pay- 
ment for it. Therefore, the profit of the content provider 
is illegitimately infringed by_secondary usage of the 
content. Also, the distribution of the authored digital con- 
tent is not strictly managed by the content provider, 
15 therefore it is difficult to monitor all profits earned by the 
digital content which it holds a copyright to and if its 
share of the profits is being returned to it. 
[1457] The EMD system of the embodiments ex- 
plained above solves the conventional problems men- 
20 tioned above. 

[1458] Namely, in the EMD system of the present em- 
bodiment, the digital contents authored by the content 
provider are all managed in a database on the content 
provider side by preparing content format and usage 
25 control policy data on the content provider side. The us- 
age control policy data of the content is further authen- 
ticated and registered in the EMD service center (clear- 
inghouse) as a third party reliable authority manager. 
[1 459] By doing this, the interested parties of the con- 
30 tent provider can place the rights clearing rules of the 
digital content completely under their control and man- 
age the distribution channels at the content provider 
side. Also, in the present case, steps are taken so that 
a distributor interposed between the user cannot see the 
35 content of the data of the usage control policy produced 
at the content provider side. 

[1460] Also, in the EMD system of the present embod- 
iment, the ROM type storage medium is considered as 
one means of distribution and the existence of the digital 
40 content stored there is freed from the ROM type storage 
medium. A content format having value of existence by 
solely digital content without regard as to means of dis- 
tribution and channels of distribution is proposed. The 
digital content is managed in a certain prescribed format 
45 on the content provider side. Therefore, by considering 
the mounting of the digital content of that fomnat in a 
ROM type storage medium, whether the content is cir- 
culated as a ROM type storage medium or circulated 
over a digital network, it becomes possible to provide 
50 common rights clearing rules for ROM -> RAM and for 
network -> RAM on the user home network. This is pro- 
vided so that sale sessions of the digital content are all 
defined and managed by the content provider. Due to 
this, common rights clearing not depending on the 
55 means of distribution or the channel of distribution be- 
comes possible. Also, by stipulating this format of con- 
tent defined at the content provider side as the minimum 
unit for trading the digital content, common rights clear- 
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ing rules can be provided without regard as to the type 
of the content format used in the subsequent distribution 
process. By returning the charge information produced 
at the time of purchase at the user home network not to 
the service provider, but to the EMD service center as 
a third party reliable authority manager and returning it 
therefrom to the service provider, the problems of the 
business of secondary usage of content were solved. 
[1461] As explained above, according to the present 
invention, it becomes possible to handling data in the 
data processing device of the content data provided by 
the data providing apparatus based on the usage control 
policy data of the data providing apparatus. 
[1 462] As a result, it becomes possible to suitably pro- 
tect profit according to the content data by the interested 
party of the data providing apparatus and. at the same 
time, the load of the inspection by the related interested 
party can be reduced. 
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. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 25 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 30 
crypted usage control policy data indicating 
handling of said content data, 
said data providing apparatus provides said 
content data encrypted by using said content 
key data, and 35 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said key file and determines the 
handling of said content data based on the re- 
lated decrypted usage control policy data. 40 

A data providing system as set forth in claim 1, 
wherein said management apparatus adds signa- 
ture data for verification of the legitimacy of the pro- 
ducer of the key file to the key file. 45 

A data providing system as set forth in claim 1, 
wherein said data providing apparatus prepares a ; 
content file storing the content data and provides 
the content file to the data processing apparatus. so 

A data providing system as set forth in claim 3, 
wherein said data providing apparatus adds signa- 
ture data for verification of the legitimacy of the pro- 
ducer of the content file to the content file. 55 

A data providing system as set forth in claim 1, 
wherein 



the data providing apparatus prepares usage 
control policy data and sends it to said manage- 
ment apparatus, 

said data processing apparatus detemiines at 
least one of the purchase fonm and the usage 
fomn of the distributed content data based on 
the usage control policy data and sends log da- 
ta showing the log of at least one of the pur- 
chase fomn and usage form decided to said 
management apparatus, and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus based on the received log da- 
ta. 

. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 
said data providing apparatus distributes a 
module storing a content file storing the content 
data encrypted by using said content key data 
and said key file received from said manage- 
ment apparatus to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- 
tennines the handling of said content data 
based on the related decrypted usage control 
policy data. 

A data providing system as set forth in claim 6, 
wherein said management apparatus generates 
signature data for verifying the legitimacy of the pro- 
ducer of the key file and prepares the key file further 
storing that signature data. 

A data providing system as set forth in claim 6, 
wherein 

the data providing apparatus generates said 
content key data and usage control policy data 
and sends them to said management appara- 
tus and 

said management apparatus prepares said key 
file based on said received content key data 
and usage control policy data and registers the 
prepared key file. 
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9. A data providing system as set forth in claim 7, 
wherein said data providing apparatus prepares 
signature data for verifying at least one of the legit- 
imacy of a producer and distributor of the content 
key file and the distributor of the key file and distrib- 5 
utes said module further storing the signature data 

to said data processing apparatus. 

10. A data providing system as set forth in claim 9, 
wherein said data processing apparatus verifies the io 
signature data stored In the module to verify at least 
one of the legitimacy of a producer and distributor 

of the content file and a producer and distributor of 
the key file. 

15 

11. A data providing system as set forth in claim 6, 
wherein said management apparatus 

prepares said key file storing said content key 
file and said usage control policy data encrypt- 
ed using distribution use key data and 
distributes said distribution use key data to said 
data processing apparatus. 

12. A data providing system as set forth in claim 6, 25 
wherein said management apparatus and said data 
processing apparatus comprise a plurality of distri- 
bution use key data of defined periods of validity 
and use distribution use key data of con-esponding 
periods. 

13. A data providing system as set forth in claim 11, 
wherein 

said data providing apparatus prepares signs- 35 
ture data using its own secret key data and 
said data processing apparatus verifies the le- 
gitimacy of the signature data using public key 
data corresponding to said secret key data. 

40 

1 4. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 
said data providing apparatus distributes a 
module storing a content file containing content 
data encrypted by using said content key data 
and the key file received from said manage- 
ment apparatus to said data processing appa- 55 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 



data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decr/pted usage control 
policy data. 

15. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 
said data providing apparatus individually dis- 
tributes the content file storing the content data 
encrypted by using said content key data and 
said key file received from said management 
apparatus to said data processing apparatus, 
and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

1 6. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus distributes eCon- 
tent file storing the content data encr^^pted by 
using said content key data to said data 
processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

1 7. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
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file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 
said data providing apparatus distributes a 
module storing the content data encrypted by 5 
using said content key data and said key file 
received from said management apparatus to 
said data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy io 
data stored in said distributed module and de- 
temnines the handling of said content data 
based on the related decrypted usage control 
policy data. 

15 

1 8. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 

a management apparatus, wherein 20 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 25 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
processing apparatus, and 30 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
temrtines the handling of said distributed con- 
tent data based on the related decrypted usage 35 
control policy data. 

1 9. A data providing system for distributing content data 
from a data providing apparatus to a data process- 

. ing apparatus and managing said data providing 40 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 45 
crypted usage control policy data indicating 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data processing apparatus distributes the 50 
content data encrypted by using said content 
key data to said data processing apparatus, 
and 

said data processing apparatus decrypts said 
content key data and said usage control policy 55 
data stored in said distributed key file and de- 
temriines the handling of said distributed con- 
tent data based on the related decrypted usage 



control policy data. 

20. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating handling of said con- 
tent data, 

said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data, said encrypted content 
key data received from said management ap- 
paratus, and said encrypted usage control pol- 
icy data to said data processing apparatus, and 
said data processing apparatus decrypts said 
distributed content key data and said usage 
control policy data and determines the handling 
of the content data stored in said distributed 
content file based on the related decrypted us- 
age control policy data. 

21 . A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating handling of said con- 
tent data and distributes the same to said data 
processing apparatus, 

said data providing apparatus distributes the 
content data encrypted by using said content 
key data to said data processing apparatus, 
and 

said data processing apparatus decrypts said 
distributed, content key data and said usage 
control policy data and detenmines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

22. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a data 
processing apparatus, and a management appara- 
tus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides said 
content data encrypted by using said content 
key data, 
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said data distribution apparatus distributes said 
provided content data to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said key file and determines the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

23. A data providing system as set forth in claim 22, 
wherein 

said data providing apparatus provides a first 
module storing content data encrypted by using 

. said content key data, said encrypted content 
key data, and encrypted usage control policy 
data showing the handling of the content data 

' to said data distribution apparatus, 
said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data, and usage control policy 
data stored in said received first module to said 
data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta based on the related decrypted usage control 
policy data. 

24. A data providing system as set forth in claim 22, 
wherein said data distribution apparatus prepares 
a second module including said provided first mod- 
ule and distributes the prepared second module to 
said data processing apparatus. 

25. A data providing system as set forth in claim 22, 
wherein said data distribution apparatus distributes 
said second modulefurther storing price data show- 
ing the price of the content data to said data 
processing apparatus. 

26. A data providing system as set forth in claim 25, 
wherein said data distribution apparatus deter- 
mines the price data based on a wholesale price 
detemnined for said content data by said data pro- 
viding apparatus. 

27. A data providing system as set forth in claim 22, 
wherein said data providing apparatus provides a 
first module further storing signature data for veri- 
fying the legitimacy of a producer and transmitter of 
at least one data of the content data, content key 
data, and usage control policy data to said data dis- 
tribution apparatus. 

28. A data providing system as set forth in claim 22, 
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wherein said data distribution apparatus provides 
said second module further storing signature data 
for verifying the legitimacy of a producer and trans- 
mitter of at least one data among the content data, 
content key data, and usage control policy data to 
said data processing apparatus. 

29. A data providing system as set forth in claim 22, 
wherein 

said data processing apparatus determines at 
least one of the purchase form and the usage 
form of the distributed content data based on 
the usage control policy data and sends log da- 
ta showing the log of at least one of the pur- 
chase form and usage form decided to said 
management apparatus and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus and data distribution appara- 
tus based on the received log data. 

30. A data providing system as set forth in claim 22, 
wherein 

said data processing apparatus sends distribu- 
tion use log data relating to the distribution of 
the data distribution apparatus to said data dis- 
tribution apparatus and 
said data distribution apparatus performs 
charge processing relating to that distribution 
based on the distribution use log data. 



31 . A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
40 said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

45 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 

50 said data providing apparatus provides a first 

module storing a content file storing the content 
data encrypted by using said content key data 
and said key file received from said manage- 
ment apparatus to said data distribution appa- 

55 ratus, 

said data distribution apparatus distributes a 
second module storing said provided content 
file and said key file to said data processing ap- 



105 



209 



EP 1 132 828 A1 



210 



paratus, and 

said data processing apparatus decr/pts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 5 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

32. A data providing system as set forth in claim 31, io 
wherein 

said data providing apparatus produces said 
content key data and said usage control policy 
data and sends them to said management ap- is 
paratus and 

said management apparatus produces said 
key file based on said received content key data 
and usage control policy data and registers said 
received content key data and usage control 20 
policy data. 
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33. A data providing system as set forth in claim 31, 
wherein said data providing apparatus prepares 
signature data for verifying at least one of the legit- 
imacy of a producer and distributor of the content 
key file and the distributor of the key file and distrib- 
utes said first module further storing the signature 
data to said data processing apparatus. 

34. A data providing system as set forth in claim 31, 
wherein said data providing apparatus prepares 
signature data for verifying at least one of the legit- 
imacy of a producer and distributor of the content 
key file and the distributor of the key file and distrib- 
utes said second module further storing the signa- 
ture data to said data processing apparatus. 

35. A data providing system as set forth in claim 33. 
wherein 

said data providing apparatus prepares signa- 
ture data using its own secret key data and 
said data processing apparatus verifies the le- 
gitimacy of the signature data using public key 
data corresponding to said secret key data. 

36. A data providing system as set forth in claim 33, 
wherein 



said data providing apparatus distributes said 
module further storing public key certificate da- 
ta for certifying the legitimacy of the public key 
data to said data processing apparatus and 
said data processing apparatus verifies the sig- 55 
nature data using the public key data stored in 
the distributed public key certificate data. 



40 



45 



37. A data providing system as set forth in claim 36, 
wherein 

said management apparatus distributes public 
key certificate data for certifying the legitimacy 
of the public key data to said data processing 
apparatus and 

said data processing apparatus verifies the sig- 
nature data using the public key data stored in 
the distributed public key certificate data. 

38. A data providing system as set forth in claim 33. 
wherein 

said data distribution apparatus prepares said 
signature data using its own secret key data 
and 

said data processing apparatus verifies the le- 
gitimacy of the signature data using public key 
data corresponding to said secret key data. 

39. A data providing system as set forth in claim 38, 
wherein 

said data distribution apparatus distributes said 
module further storing public key certificate da- 
ta for certifying the legitimacy of the public key 
data to said data processing apparatus and 
said data processing apparatus verifies the sig- 
nature data using the public key data stored in 
the distributed public key certificate data. 

40. A data providing system as set forth in claim 38, 
wherein 

said management apparatus distributes said 
public key certificate data for certifying the le- 
gitimacy of the public key data to said data 
processing apparatus and 
said data processing apparatus verifies the sig- 
nature data using the public key data stored in 
the distributed public key certificate data. 

41. A data providing system as set forth in claim 31, 
wherein 

said data processing apparatus determines at 
least one of the purchase form and the usage 
form of the distributed content data based on 
the usage control policy data and sends log da- 
ta showing the log of at least one of the pur- 
chase form and usage form decided to said 
management apparatus, and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties. of the data pro- 
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viding apparatus and the data distribution ap- 
paratus based on the received log data. 

42. A data providing systenn as set forth in clainn 31, 
' wherein said data distribution apparatus distributes 5 
said second module further storing price data show- 
ing the price of the content data to said data 
processing apparatus. 



10 



43. A data providing system as set forth in claim 42, 
wherein said management apparatus registers the 
price data received from said data distribution de- 
vice. 



44. A data providing system as set forth in claim 31 , ^5 
wherein said data processing apparatus comprises 
a module giving resistance to outside monitoring 
and tampering of the processing content, predeter- 
mined data stored in an internal memory, and data 
being processed. 



20 



45. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- ^5 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 55 
module storing a content file containing the 
content data encrypted by using said content 
key data and a key file received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

said data distribution apparatus distributes a 
second module storing said provided content 
file to said data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy ^5 
data stored in said distributed second module 
and detemnines the handling of said content da- 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

46. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 55 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 



apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes a content file storing the content data 
encrypted by using said content key data and 
said key file received from said nnanagement 
apparatus to said data distribution apparatus, 
said data distribution apparatus individually 
distributes said distributed content file and key 
file to said data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling ot the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

47. A data providing system as set forth in claim 46, 
wherein said content file and said key file include 
data for clearing indicating their mutual correspond- 
ence. 

48. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus provides a con- 
tent file storing the content data encrypted by 
using said content key data to said data distri- 
bution apparatus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling ot the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

49. A data providing system as set forth in claim 48, 
wherein said content file and said key file include 
data for clearing indicating their mutual correspond- 
ence. 

50. A data providing system for providing content data 
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from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 5 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- io 
crypted usage control policy data Indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing the content data encrypted by 
using said content key data and said key file ?5 
received from said management apparatus to 
said data distribution apparatus, 
said data distribution apparatus distributes a 
second module storing said provided content 
data and said key file to said data processing 20 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and detennines the handling of said content da- 25 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

. A data providing system for providing content data 3o 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 35 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 40 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said key file received 45 
from said management apparatus to said data 
distribution apparatus, 

said data distribution apparatus individually 
distributes said distributed content data and 
said key file to said data distribution apparatus, so 
and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
tennines the handling of said distributed con- 55 
tent data based on the related decrypted usage i 
control policy data. 



52. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data processing apparatus provides the 
content data encrypted by using said content 
key data to said data distribution apparatus, 
said data distribution apparatus distributes said 
provided content data to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
temnines the handling of said distributed con- 
tent data based on the related decrypted usage 
control policy data. 

53. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus provides encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 
content data to said data providing apparatus, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data distribution apparatus, 
said data distribution apparatus individually 
distributes said distributed content data, said 
encrypted content key data, and said encrypted 
usage control policy data to said data distribu- 
tion apparatus, and 

said data processing apparatus decrypts said 
distributed content key data and said usage 
control policy data and detennines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

4. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
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said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus provides encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 
content data to said data processing apparatus, 
said data providing apparatus provides the con- 
tent data encrypted by using said content key 
data to said data distribution apparatus, 
said data distribution apparatus distributes said 
provided content data to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
distribute said content key data and said usage 
control policy data and determines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

55. A data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data 
processing apparatus, wherein 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file and said key file to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

56. A data providing system as set forth in claim 55, 
wherein 



said data distribution apparatus produces a 
second module storing said content file and 
said key file stored in said first module and dis- 
tributes it to said data processing apparatus. 

5 

57. A data providing system as set forth in claim 55, 
wherein said management apparatus 

comprises at least one database among a da- 
10 tabase for storing and managing said content 

file, a database for storing and managing said 
key file, and a database for storing and manag- 
ing said usage control policy data and 
centrally manages at least one among said 
15 contentflle, said key file, and said usage control 

policy data by using a content identifier unique- 
ly allocated to said content data. 

58. A data providing system comprising a data provid- 
20 jng apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 

said data providing apparatus provides master 
25 sourcedataof content to said management ap- 

paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
30 tus, encrypts said provided master source data 

by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
35 age control policy data indicating the handling 

of said content data, provides said content file 
to said data distribution apparatus, and pro- 
vides said key file to said data processing ap- 
paratus, 

40 said data distribution apparatus distributes said 

provided content file to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
45 data stored in said distributed key file and de- 

termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

50 59. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 



said management apparatus prepares a first 55 
module storing said content file and said key 
file and provides said first module to said data 
distribution apparatus and 
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said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, and provides said content file provid- 
ed from said data providing apparatus and said 
prepared key file to said data distribution appa- 
ratus. 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
temnines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

60. A data providing system as set forth in claim 59, 
wherein 

said management apparatus prepares a first 
module storing said content file and said key 
file and provides said first module to said data 
distribution apparatus and 
said data distribution apparatus produces a 
second module storing said content file and 
said key file stored in said first module and dis- 
tributes it to said data processing apparatus. 

61. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 



mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

62. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file and a key file provided from said manage- 
ment apparatus in said database device, 
said management apparatus prepares the key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, and provides 
the related prepared key file to said data pro- 
viding apparatus, 

said data distribution apparatus distributes said 
content file and key file obtained from said da- 
tabase device to said data processing appara- 
tus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

63. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares the key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data distri- 
bution apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
and the key file provided from said data distri- 
bution apparatus to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 



said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 40 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 45 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus to said data 
distribution apparatus, and provides said pre- so 
pared key file to said data processing appara- 
tus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus, and 55 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
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lated decrypted usage control policy data. 

64. A data providing systenn comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares the key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
. the handling of said content data and provides 
the related prepared key file to said data 
processing apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
and the key file provided from said data distri- 
bution apparatus to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

65. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files and key files provided from con-e- 
sponding management apparatuses in said da- 
tabase device, 

said management apparatuses prepare key 
files storing said encrypted content key data 
and the encrypted usage control policy data in- 
dicating the handling of said content data for 
the content data provided by corresponding da- 
ta providing apparatuses, and provide the re- 
lated prepared key files to conresponding data 
providing apparatuses, 

said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
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termlnes the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

66. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare key 
files storing said encrypted content key data 
and the encrypted usage control policy data In- 
dicating the handling of said content data for 
the content data provided by corresponding da- 
ta providing apparatuses, and provide the re- 
lated prepared key files to said data distribution 
apparatus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatus to said data processing ap- 
paratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 



35 



67. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus. 
40 wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 

45 tent data, and store the related prepared con- 

tent files in said database device, 
said management apparatuses prepare key 
files storing said encrypted content key data 
and the encrypted usage control policy data in- 

50 dicating the handling of said content data for 

the content data provided by corresponding da- 
ta providing apparatuses, and provide the re- 
lated prepared key files to said data processing 
apparatus, 

55 said data distribution apparatus distributes said 

content files obtained from said database de- 
vice to said data processing apparatus, and 
said data processing apparatus decrypts said 
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content key data and said usage control policy 
data stored in said distributed key files and de- 
tennines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 5 

68. A data providing systenn comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, io 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content i5 
files and key files received from the related 
management apparatuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 20 
key data, prepare the content files storing the 
related encrypted content data, prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the ^5 
content data provided by corresponding data 
providing apparatuses, and send said prepared 
content files and said prepared key files to cor- 
responding data providing apparatuses, 
said data distribution apparatus distributes said 30 
content files and key files obtained from said 
database device to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 35 
data stored in said distributed key files and de- 
tennines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

40 

69. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 45 

said data providing apparatuses provide mas- 
ter sources of content data to con-esponding 
management apparatuses, and store content 
files received from the related management ap- 50 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare the content files storing the 55 
related encrypted content data, send the relat- 
ed prepared content files to said data providing 
apparatuses, prepare key files storing said en- 



crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send said prepared key files to correspond- 
ing data distribution apparatus, 
said data distnlDUtion apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
tenmines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

70. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare the content files storing the 
related encrypted content data, send the relat- 
ed prepared content files to said data providing 
apparatuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send said prepared key files to said data 
processing apparatus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

71 . A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
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tus by a management apparatus, wherein 

said management apparatus prepares a l<ey 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides said 
content data encrypted by using said content 
key data, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said key file and determines the 
handling of said content data based on the re- 
lated decrypted usage control policy data. 

72. A data providing method for distributing content da- 
Xa from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing said prepared key file from said 
management apparatus to said data providing 
apparatus, 

distributing a module storing a content file stor- 
ing the content data encrypted by using said 
content key data and said key file distributed 
from said management apparatus from said da- 
ta providing apparatus to said data processing 
apparatus, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and determining the handling of said content 
data based on the related decrypted usage 
control policy data. 

73. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, distributing a 
module storing a content file containing the 
content data encrypted by using said content 
key data and the key file received from said 
management apparatus to said data process- 
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ing apparatus, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and detennining the handling of said content 
data based on the related decrypted usage 
control policy data. 

74. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing the related key file from said man- 
agement apparatus to said data providing ap- 
paratus, 

individually distributing a content file storing the 
content data encrypted by using said content 
key data and said key file received from said 
management apparatus from said data provid- 
ing apparatus to said data processing appara- 
tus, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
detennining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

75. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 



in said management apparatus, preparing a 
key file storing encrypted content key data and 
45 encrypted usage control policy data indicating 

the handling of said content data, 
distributing the related key file from said man- 
agement apparatus to said data processing ap- 
paratus, 

50 distributing a content file storing the content da- 

ta encrypted by using said content key data 
from said data providing apparatus to said data 
processing apparatus, and 
in said data processing apparatus, decrypting 

55 said content key data and said usage control 

policy data stored in said distributed key file and 
detennining the handling of the content data 
stored in said distributed content file based on 
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the related decrypted usage control policy data. 

76. A data providing nnethod for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 5 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a io 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, distributing a 
module storing the content data encrypted by 15 
using said content key data and said key file 
received from said management apparatus to 
said data processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and determining the handling of said content 
data based on the related decrypted usage 
control policy data. 

25 

T7. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the so 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 35 
the handling of said content data, 
in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 40 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 45 
content data based on the related decrypted 
usage control policy data. 

78. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 50 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

55 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 



the handling of said content data, 
distributing the related prepared key file to said 
data processing apparatus, 
in said data providing apparatus, distributing 
the content data encrypted by using said con- 
tent key data to said data processing appara- 
tus, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 

79. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data, 

in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data processing apparatus, and 
in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and determining the 
handling of the content data stored in said dis- 
tributed content file based on the related de- 
crypted usage control policy data. 

80. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data and distributing the same to 
said data processing apparatus, 
in said data providing apparatus, distributing 
the content data encrypted by using said con- 
tent key data to said data processing appara- 
tus, and 

in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and detemining the 
handling of said distributed content data based 
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on the related decrypted usage control policy 
data. 

81. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a data 
processing apparatus, and a nnanagement appara- 
tus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
providing said content data encrypted by using 
said content key data from said data providing 
apparatus to said data distribution apparatus, 
in said data distribution apparatus, distributing 
said provided content data to said data 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said key file and determin- 
ing the handling of said distributed content data 
based on the related decrypted usage control 
policy data. 

82. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing the related prepared key file from 
said management apparatus to said data pro- 
viding apparatus, 

providing a first module storing a content file 
storing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus from said da- 
ta providing apparatus to said data distribution 
apparatus, and 

distributing a second module storing said pro- 
vided content file and said key file from said da- 
ta distribution apparatus to said data process- 
ing apparatus, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and determining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 
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83. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- . 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, providing a 
first module storing a content file containing the 
content data encrypted by using said content 
key data and a key file received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

in said data distribution apparatus, distributing 
a second module storing said provided content 
file to said data processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and determining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 

84. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing said prepared key file from said 
management apparatus to said data providing 
apparatus, 

individually distributing a content file storing the 
content data encrypted by using said content 
key data and said key file received from said 
management apparatus from said data provid- 
ing apparatus to said data distribution appara- 
tus, 

individually distributing said distributed content 
file and said key file from said data distribution 
apparatus to said data distribution apparatus, 
and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
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policy data stored in said distributed keyfileand 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

5 

85. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the io 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating is 
the handling of said content data, 
distributing the related prepared key file from 
said management apparatus to said data 
processing apparatus, 

providing a content file storing the content data 20 
encrypted by using said content key data from 
said data providing apparatus to said data dis- 
tribution apparatus, and 

distributing said provided content file from said 
data distribution apparatus to said data 25 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed keyfileand 
detemnining the handling of the content data 30 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

86, A data providing method for providing content data 
from a data providing apparatus to a data distribu- 35 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 40 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 45 
the handling of said content data, 
in said data providing apparatus, providing a 
first module storing the content data encrypted 
by using said content key data and said key file 
received from said management apparatus to so 
said data distribution apparatus, 
in said data distribution apparatus, distributing 
a second module storing said provided content 
data and said key file to said data processing 
apparatus, and 55 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 



module and determining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 

87. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
distribution apparatus, 

in said data distribution apparatus, individually 
distributing said distributed content data and 
said key file to said data distribution apparatus, 
and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
detemnlning the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 

88. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

In said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and distribut- 
ing the related prepared key file to said data 
processing apparatus, 

in said data providing apparatus, providing the 
content data encrypted by using said content 
key data to said data distribution apparatus, 
in said data distribution apparatus, distributing 
said provided content data to said data 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
detennining the handling of said distributed 
content data based on the related decrypted 
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usage control policy data. 

89. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data fronn 5 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, io 

in said management apparatus, providing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data to said data providing appa- ^5 
ratus, 

in said data, providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 
policy data which are received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

in said data distribution apparatus, individually 
distributing said distributed content data, said 
encrypted content key data, and said encrypted 
usage control policy data to said data distribu- 
tion apparatus, and 

in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and determining the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

90. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, distributing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data to said data processing ap- 
paratus, 

in said data providing apparatus, distributing so 
the content data encrypted by using said con- 
tent key data to said data distribution appara- 
tus, 

in said data distribution apparatus, distributing 
sard provided content data to said data 55 
processing apparatus, and 
in said data processing apparatus, decrypting 
said distributed content key data and said us- 
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age control policy data and detemnining the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

91 . A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing, appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file and said key file to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

92. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file to said data distribution apparatus and pro- 
vides said key file to said data processing ap- 
paratus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
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apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided l<ey file and deter- 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

93. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus and said 
prepared key file to said data distribution appa- 
ratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
tenninesthe handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

94. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 



provided content file to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
5 data stored in said provided key file and deter- 

mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

10 95. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
processing apparatus, wherein 

1^ said data providing apparatus encrypts content 

data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file and a key file provided from said manage- 

^0 ment apparatus in said database device, 

said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data pro- 
viding apparatus, 

said data distribution apparatus distributes said 
content file and key file obtained from said da- 
tabase device to said data processing appara- 

30 tus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 

35 in said distributed content file based on the re- 

lated decrypted usage control policy data. 

96. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
40 ment apparatus, a database device, and a data 
processing apparatus, wherein 



said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 45 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted so 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus to said data 
distribution apparatus, and provides said pre- 55 
pared key file to said data processing appara- 
tus, 

said data distribution apparatus distributes said 



said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data distri- 
bution apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
and the key file provided from said data distri-!^ 
bution apparatus to said data processing appa- 
ratus, and 
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said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored In said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 5 
tated decrypted usage control policy data. 

97. A data providing nnethod using a data providing ap- 
paratus, a data distribution apparatus, a nnanage- 
ment apparatus, a database device, and a data io 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content ^5 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 20 
the handling of said content data and provides 
the related prepared key file to said data 
processing apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 25 
and the key file provided from said data distri- 
bution apparatus to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 50 
data stored in said provided key file and deter- 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

35 

98. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 40 



database device to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

99. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare the key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

100. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare the key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to said data processing ap- 



sald data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- -^5 
tent files and key files provided from corre- 
sponding management apparatuses in said da- 
tabase device, 

said management apparatuses prepare the key 
files storing said encrypted content key data 50 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to corresponding data pro- 55 
viding apparatuses, 

said data distribution apparatus distributes said 
content files and key files obtained from said 
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paratus. 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
temninesthe handling of thecontent data stored 
in said distributed content flies based on the re- 
lated decrypted usage control policy data. 

101 .A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files and key files received from the related 
management apparatuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, prepare key files 
storing said encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data forthe content da- 
ta provided by corresponding data providing 
apparatuses, and send said prepared content 
files and said prepared key files to comespond- 
ing data providing apparatuses, 
said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
temnines the handling of thecontent data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

102. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 



data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared content files to said data providing ap- 

5 paratuses, prepare key files storing said en- 

crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data forthe content data provided 
by corresponding data providing apparatuses, 

10 and send the related prepared key files to cor- 

responding data distribution apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and key files provided from said manage- 

^5 ment apparatuses to said data processing ap- 

paratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
20 terminesthe handling ofthe content data stored 

in said distributed content files based on the re- 
lated decrypted usage control policy data. 

103 A data providing method using a plurality of data 
25 providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

30 said data providing apparatuses provide mas- 

ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses In said database, 

35 said management apparatuses encrypt said 

master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 

"^0 prepared contentfiles to said data providing ap- 

paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 

45 by corresponding data providing apparatuses, 

and provide the related prepared key files to 
said data processing apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 

^0 vice to said data processing apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored In said provided key files and de- 
termines the handling of the content data stored 

^5 in said distributed content files based on the re- 

lated decrypted usage control policy data. 

1 047^ data providing system for distributing content da- 
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ta from a data providing apparatus to a data 
processing apparatus, wherein 

said data providing apparatus distributes a 
module storing tfie content data encrypted by 5 
using content key data, said encrypted content 
key data, and encrypted usage control policy 
data indicating the handling of said content da- 
ta to said data processing apparatus by using 
a predetermined communication protocol in a io 
fomiat not depending upon the related commu- 
nication protocol or by recording the same on 
a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy f5 
data stored in said distributed module and de- 
temnines the handling of said content data 
based on the related decrypted usage control 
policy data. 

20 

105. A data providing system as set forth in claim 104, 
wherein said data providing apparatus distributes 
said module further storing signature data for veri- 
fying a legitimacy of a producer and a transmitter of 

at least one data among said content data, said con- ^5 
tent key data, and said usage control policy data to 
said data processing apparatus. 

106. A data providing system as set forth in claim 104, 
wherein 

said data providing apparatus distributes said 
module further storing at least one data between 
data for verifying if the related data is not tampered 
with and signature data for verifying if the related 
data was nonnally certified by a predetermined 35 
manager for at least one data among said content 
data, said content key data, and said usage control 
policy data to said data processing apparatus. 

107. A data providing system as set forth in claim 104, 
wherein 

said data processing apparatus determines a 
purchase form of said content data based on 
said usage control policy data, and ^' 
where said content data is transferred to anoth- 
er data processing apparatus, the signature da- 
ta indicating the legitimacy of the purchaser of 
the related content data and the signature data 
indicating the legitimacy of the transmitter of 5( 
the related content data are made different. 

108. A data providing system as set forth in claim 104, 
wherein said data providing apparatus produces 
signature data using secret key data of said data 5. 
providing apparatus and a hash function. 

109 . A data providing system for distributing content da- 



ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus distributes a 
module storing a content file storing the con tent 
data encrypted by using said content key data 
and said key file received from said manage- 
ment apparatus to said data processing appa- 
ratus by using a predetermined communication 
protocol in a format not depending upon the re- 
lated communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decrypted usage control 
policy data. 

110. A data providing system as set forth in claim 109, 
wherein said management apparatus produces sig- 
nature data for verifying the legitimacy of the pro- 
ducer of said key file and prepares said key file fur- 
ther storing the related signature data. 

111. A data providing system as set forth in claim 109, 
wherein 

said data providing apparatus produces said 
content key data and said usage control policy 
data and transmits the same to said manage- 
ment apparatus, and 

said management apparatus prepares said key 
file based on said received content key data 
and usage control policy data and registers the 
related prepared key file. 

112. A data providing system as set forth in claim 110, 
wherein said data providing apparatus produces 
signature data for verifying at least one of the legit- 
imacy of a producer and transmitter of said content 
file and a distributor of said key file and distributes 
said module further storing said signature data to 
said data processing apparatus. 

113. A data providing system as set forth in claim 112, 
wherein said data processing apparatus verifies the 
signature data stored in said module to confirm at 
least one of the legitimacy of a producer and dis- 
tributor of said content file and a producer and dis- 
tributor of said key file. 
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114. A data providing system as set forth in claim 109, 
wherein said data providing apparatus further 
stores in said content file expansion use software 
for expanding the content data when the content da- 
ta is compressed. 

115. A data providing system as set forth in claim 109. 
wherein said data providing apparatus further 
stores in said content file an electronic watermark 
infomnation module including infomnation used for 
detecting said electronic watemnark infonmation 
when electronic watermark infomnation is buried in 
said content file. 

116. A data providing system as set forth in claim 109, 
wherein said data providing apparatus stores meta- 
data relating to the explanation of the content of the 
content data in said content file or distributes it sep- 
arately from the content file to said data processing 
apparatus.. 

117. A data providing system as set forth in claim 109, 
wherein 

said management apparatus produces said 
key file storing said content file data and said usage 
control policy data encrypted using said distribution 
use key data. 

118. A data providing system as set forth in claim 117, 
wherein said management apparatus and said data 
processing apparatus comprise a plurality of distri- 
bution use key data of defined periods of validity 
and use distribution use key data of corresponding 
periods. 

119. A data providing system as set forth in claim 109, 
wherein said management apparatus produces 
said key file further storing data describing the 
grammar of said usage policy control data. 

120. A data providing system as set forth in claim 109, 
wherein 

said management apparatus distributes data 
showing infomnation for reading the content file 
and the key file, that is, afile reader, to said data 
' processing apparatus and 

said data processing apparatus reads said con- 
tent file and said key file based on the file read- 
er. 

121 .A data providing system as set forth in claim 109, 
wherein 

said data providing apparatus distributes data 
showing infomnation for reading the content file 
and the key file, that is. afile reader, to said data 
processing apparatus and 
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said data processing apparatus reads said con- 
tent file and said key file based on the file read- 
er. 

122. A data providing system as set forth in claim 113, 
wherein 

said data providing apparatus produces said 
signature data using its own secret key data 
and 

said data processing apparatus verifies the le- 
gitimacy of said signature data using public key 
data corresponding to said secret key data. 

123. A data providing system as set forth in claim 122, 
wherein 

said data providing apparatus distributes said 
module further storing public key certificate da- 
ta certifying the legitimacy of said public key da- 
ta to said data processing apparatus and 
said data processing apparatus verifies said 
signature data using the public key data stored 
in said distributed public key certificate data. 

124. A data providing system as set forth in claim 122, 
wherein 

said management apparatus distributes public 
key certificate data certifying the legitimacy of 
said public key data to said data processing ap- 
paratus and 

said data processing apparatus verifies said 
signature data using the public key data stored 
in said distributed public key certificate data. 

125. A data providing system as set forth in claim 122, 
wherein said data providing apparatus perfomris 
mutual certification with said data processing appa- 
ratus, encrypts said module using session key data 
obtained by said mutual certification, and sends the 
encrypted module to said data processing appara- 
tus. 

^2^JK data providing system as set forth in claim 122, 
wherein said data providing apparatus produces a 
storage medium recording said module. 

127^0^ data providing system as set forth in claim 122. 
wherein said data processing apparatus deter- 
mines at least one of a purchase fomn and a usage 
form of said content data based on said usage con- 
trol policy data. 

128A data providing system as set forth in claim 122, 
wherein said data processing apparatus outputs 
said encrypted content key data and said encrypted 
content data to a decryption device. 
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129. A data providing system as set forth in claim 129, 
wherein 

said data processing apparatus determines at 
least one of the purchase form and the usage 
fomn of the distributed content data based on 
the usage control policy data and sends log da- 
ta showing the log of at least one of the pur- 
chase form and usage form decided to said 
management apparatus, and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus based on the received log da- 
ta. 

130. A data providing system as set forth in claim 129, 
wherein said management apparatus performs said 
profit distribution processing in units of content da- 
ta. 

131 .A data providing system as set forth in claim 129, 
wherein 

said data providing apparatus distributes a 
module storing a plurality of said content files 
and a plurality of key files corresponding to the 
plurality of content files to said data processing 
apparatus and 

said content files include directory structure da- 
ta showing the relationship among the plurality 
of content files and the relationship with said 
key files. 

132. A data providing system as set forth in claim 109, 
wherein said data providing apparatus further com- 
prises a memory circuit for storing said module. 

133. A data providing system as set forth in claim 132, 
wherein said data providing apparatus manages 
said module based on a content identifier uniquely 
allocated to said content data. 

134. A data providing system as set forth In claim 133, 
wherein said management apparatus prepares said 
key file further storing said content identifier. 

135. A data providing system as set forth in claim 133, 
wherein said content identifier is determined 
uniquely in said content data stored by said data 
providing apparatus in said memory circuit. 

136. A data providing system as set forth in claim 133, 
wherein said content identifier is determined 
uniquely globally. 



137.A data providing system as set forth in claim 133, 
wherein said data providing apparatus produces 
said content identifier. 

5 138.A data providing system as set forth in claim 133, 
wherein said data providing apparatus further com- 
prises a memory circuit for storing said module. 

139. A data providing system as set forth in claim 133, 
10 wherein said data processing circuit comprises a 

module giving resistance to outside monitoring and 
tampering of the processing content, predeter- 
mined data stored in an internal memory, and data 
being processed. 

15 

140. A data providing apparatus which is managed by a 
management apparatus and distributes content da- 
ta to a data processing apparatus, 

20 receiving a key file storing encrypted content 

key data and encrypted usage control policy 
data indicating the handling of said content da- 
ta from said management apparatus and 
distributing a module storing a content file stor- 
es ing the content data encrypted by using said 
content key data and said key file received from 
said management apparatus to said data 
processing apparatus. 

30 141 .A data processing apparatus managed by a man- 
agement apparatus and utilizing content data, 

receiving a module containing a key file storing 
encrypted content key data and encrypted us- 
35 age control policy data indicating the handling 

of said content data and a content file storing 
the content data encrypted by using said con- 
tent key data, 

determining at least one between a purchase 
40 form and an usage form of said content data 

based on said usage control policy data, and 
transmitting a log data indicating the log of the 
determined at least one of the related purchase 
form and usage form to said management ap- 
45 paratus. 

142.A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
se? viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
55 crypt ed usage control policy data indicating the 

handling of said content data, 
said data providing apparatus distributes a 
module storing a content file containing the 
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content data encrypted by using said content 
key data and the key file received from said 
nrianagement apparatus to said data process- 
ing apparatus by using a predetemnined com- 
nnunication protocol in a format not depending 5 
upon the related connnnunication protocol or re- 
cording the same on a storage mediunn, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- io 
tennines the handling of said content data 
based on the related decrypted usage control 
policy data. 

143. A data providing system for distributing content da- is 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

20 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 25 
tributes a content file storing the content data 
encrypted by using said content key data and 
said key file received from said management 
apparatus to said data processing apparatus by 
using a predetermined communication protocol so 
but in a format not depending upon the related 
communication protocol or by recording the 
same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 35 
data stored in said distributed key file and de- 
temnines the handling of thecontent data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

40 

144. A data providing system as set forth in claim 143, 
wherein 

said data providing apparatus individually dis- 
tributes a plurality of said content files and a 45 
plurality of key files corresponding to said plu- 
rality of content files to said data processing ap- 
paratus, and 

said content files and said key files include hy- 
per link information showing the mutual corre- 50 
spondence. 

145. A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 55 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 



said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus distributes a con- 
tent file storing the content data encrypted by 
using said content key data to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a fomnat 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

146A data providing system as set forth in claim 145, 
wherein 

said data providing apparatus distributes a plu- 
rality of said content files to said data process- 
ing apparatus, 

said management apparatus distributes the 
plurality of key files corresponding to the plural- 
ity of content files to said data processing ap- 
paratus, and 

said content files and said key files include hy- 
per link information showing the mutual corre- 
spondence. 

147j^ data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data Indicating the 
handling of said content data, 
said data providing apparatus distributes a 
module storing the content data encrypted by 
using said content key data and said key file 
received from said management apparatus to 
said data processing apparatus by using a pre- 
determined communication protocol but in a 
format not depending Lipon the related commu- 
nication protocol or recording the same on a 
storage medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- 
termines the handling of said content data 
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based on the related decrypted usage control 
policy data. 

148.A data providing systenn for distributing content da- 
ta fronn a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said key file received 
from said manag^ent apparatus to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
tennines the handling of said distributed con- 
tent data based on the related decrypted usage 
control policy data. 

149.A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus distributes the 
content data encrypted by using said content 
key data to said data processing apparatus by 
using a predetermined communication protocol 
but in a format not depending upon the related 
communication protocol or recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
temriines the handling of said distributed con- 
tent data based on the related decrypted usage 
control policy data. 

1 50.A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 



viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares encrypt- 
5 ed content key data and encrypted usage con- 

trol policy data indicating the handling of said 
content data, 

said data providing apparatus individually dis- 
tributes the content data encrypted by using 

10 said content key data and said encrypted con- 

tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data processing apparatus by 
using a predetermined communication protocol 

15 but in a format not depending upon the related 

communication protocol or recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
distributed content key data and said usage 

20 control policy data and determines the handling 

of the content data stored in said distributed 
content file based on the related decrypted us- 
age control policy data. 

25 151 .A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

30 

said management apparatus prepares encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 
content data and distributes the same to said 

35 data processing apparatus, 

said data providing apparatus distributes the 
content data encrypted by using said content 
key data to said data processing apparatus by 
using a predetermined communication protocol 

40 but in a fonnat not depending upon the related 

communication protocol or recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
distributed content key data and said usage 

45 control policy data and determines the handling 

of said distributed content data based on the 
related decrypted usage control policy data. 

152.A data providing system comprising a data provid- 
50 ing apparatus, a data distribution apparatus, and a 
data processing apparatus, wherein 

said data providing apparatus provides a first 
module storing content data encrypted by using 
55 content key data, said encrypted content key 

data, and encrypted usage control policy data 
indicating the handling of said content data to 
said data distribution apparatus, 
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said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data, and the usage control 
policy data stored in said provided first module 
to said data processing apparatus by using a 5 
predetennined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 

said data processing apparatus decrypts said io 
content key data and said usage control policy 
data stored in said distributed second module 
and detemnines the handling of said content da- 
ta based on the related decrypted usage control 
policy data. 75 



said data processing apparatus. 

159J^ data providing system as set forth in claim 152, 
wherein 

said data distribution apparatus provides said 
second module further storing at least one data 
among data for verifying if the data has been tam- 
pered with for at least one data of the content data, 
content key data, and usage control policy data and 
signature data for verifying if the data has been cer- 
tified as legitimate by a predetemnined manager to 
said data processing apparatus. 

160^ data providing system as set forth in claim 152, 
wherein 



153. A data providing system as set forth in claim 152, 
wherein said data distribution apparatus prepares 
a second module including said provided first mod- 
ule and distributes the prepared second module to 20 
said data processing apparatus. 

154. A data providing system as set forth in claim 152, 
wherein said data distribution apparatus distributes 
said second module furtherstoring price data show- 25 
ing the price of the content data to said data 
processing apparatus. 

155. A data providing system as set forth in claim 154, 
wherein said data distribution apparatus deter- so 
mines the price data based on a wholesale price 
determined for said content data by said data pro- 
viding apparatus. 

156. A data providing system as set forth in claim 152. 35 
wherein said data providing apparatus provides a 
first module further storing signature data for veri- 
fying the legitimacy of a producer and transmitter of 

at least one data of the content data, content key 
data, and usage control policy data to said data dis- 40 
tribution apparatus. 

157. A data providing system as set forth in claim 156, 
wherein said data providing apparatus provides a 
first module furtherstoring at least one data among 45 
data for verifying if the data has been tampered with 

for at least one data of the content data, content key 
data, and usage control policy data and signature 
data for verifying if the data has been certified as 
legitimate by a predetermined manager to said data so 
distribution device. 

158. A data providing system as set forth in claim 156, 
wherein said data distribution apparatus provides 
said second module further storing signature data 55 
for verifying the legitimacy of a producer and trans- 
mitter of at least one data among the content data, 
content key data, and usage control policy data to 



said said data processing apparatus deter- 
mines at least one of the purchase form and the 
usage form of the distributed content data 
based on the usage control policy data and 
sends log data showing the log of at least one 
of the purchase form and usage form decided 
to said management apparatus and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus and data distribution appara- 
tus based on the received log data. 

161 .A data providing system as set forth in claim 152, 
wherein 

said data processing apparatus sends distribu- 
tion use log data relating to the distribution of 
the data distribution apparatus to said data dis- 
tribution apparatus and 

said data distribution apparatus performs 
charge processing relating to that distribution 
based on the distribution use log data. 

162J^ data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing a content file storing the content 
data encrypted by using said content key data 
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and said key file received from said manage- 
ment apparatus to said data distribution appa- 
ratus, 

said data distribution apparatus distributes a 
second module storing said provided content 
file and said key file to said data processing ap- 
paratus by using a predetermined communica- 
tion protocol but in a format not depending upon 
the related communication protocol or record- 
ing the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

163. A data providing system as set forth in claim 162, 
wherein said management apparatus produces sig- 
nature data for verifying the legitimacy of the pro- 
ducer of said key file and prepares said key file fur- 
ther storing the related signature data. 

164. A data providing system as set forth in claim 162, 
wherein 

said data providing apparatus produces said 
content key data and said usage control policy 
data and transmits the same to said manage- 
ment apparatus, and 

said management apparatus prepares said key 
file based on said received content key data 
and usage control policy data and registers the 
received content key data and usage control 
policy data. 

165. A data providing system as set forth in claim 162, 
wherein said data providing apparatus produces 
signature data for verifying at least one of the legit- 
imacy of a producer and provider of said content file 
and a provider of said key file and distributes said 
module further storing said signature data to said 
data processing apparatus. 

166. A data providing system as set forth in claim 162, 
wherein said data distribution apparatus produces 
signature data for verifying at least one of the legit- 
imacy of a producer and distributor of said content 
file and a distributor of said key file and distributes 
said second module further storing said signature 
data to said data processing apparatus. 

167. A data providing system as set forth in claim 166, 
wherein said data processing apparatus verifies the 
signature data stored In said second module to con- 
firm at least one of the legitimacy of a producer and 
distributor of said content file and a producer and 



distributor of said key file. 

168. A data providing system as set forth in claim 162, 
wherein said data providing apparatus further 

5 stores in said content file expansion use software 
for expanding the content data when the content da- 
ta is compressed. 

169. A data providing system as set forth in claim 162, 
10 wherein said data providing apparatus stores meta- 
data relating to the explanation of the content of the 
content data in said content file or distributes it sep- 
arately from the content file to said data processing 
apparatus. 

15 

MOJK data providing system as set forth in claim 162, 
wherein said data providing apparatus further 
stores in said content file an electronic watermark 
information module including information used for 
20 detecting said electronic watermark information 
when electronic watermark information is buried in 
said content file. 

171 .A data providing system as set forth In claim 162, 
25 wherein said management apparatus 

produces said key file storing said content file 
data and said usage control policy data en- 
crypted using said distribution use key data and 
30 distributes said distribution use key data to said 

data processing apparatus. 

172.A data providing system as set forth in claim 171 , 
wherein said management apparatus and said data 
35 processing apparatus comprise a plurality of distri- 
bution use key data of defined periods of validity 
and use distribution use key data of corresponding 
periods. 

40 173^ data providing system as set forth In claim 162, 
wherein said management apparatus produces 
said key file further storing data describing the 
grammar of said usage policy control data. 

45 174.A data providing system as set forth in claim 162, 
wherein 

said management apparatus distributes data 
showing Information for reading the content file 
50 and the key file, that Is, a file reader, to said data 

processing apparatus and 
said data processing apparatus reads said con- 
tent file and said key file based on the file read- 
er 

55 

175.A data providing system as set forth in claim 162, 
wherein 
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said data providing apparatus distributes data 
showing infomriation for reading the content file 
and the key file, that is, a file reader, to said data 
processing apparatus and 
said data processing apparatus reads said con- 
tent file and said key file based on the file read- 
er. 

176. A data providing system as set forth in claim 1 65, 
wherein 

said data providing apparatus produces said 
signature data using its own secret key data 
and 

said data processing apparatus verifies the le- 
gitimacy of said signature data using public key 
data corresponding to said secret key data. 

177. A data providing system as set forth in claim 1 76, 
wherein 

said data providing apparatus distributes said 
module further storing public key certificate da- 
ta certifying the legitimacy of said public key da- 
ta to said data processing apparatus and 
said data processing apparatus verifies said 
signature data using the public key data stored 
in said distributed public key certificate data. 

178. A data providing system as set forth in claim 1 76, 
wherein 

said management apparatus distributes public 
key certificate data certifying the legitimacy of 
said public key data to said data processing ap- 
paratus and 

said data processing apparatus verifies said 
signature data using the public key data stored 
in said distributed public key certificate data. 

179. A data providing system as set forth in claim 176, 
wherein 

said data distribution apparatus produces said 
signature data using its own secret key data 
and 

said data processing apparatus verifies the le- 
gitimacy of said signature data using public key 
data corresponding to said secret key data. 

180. A data providing system as set forth in claim 179, 
wherein 



gitimacy of said signature data using public key 
data stored in said distributed public key certif- 
icate data. 

5 181 A data providing system as set forth in claim 179, 
wherein 

said management apparatus distributes public 
key certificate data certifying the legitimacy of 
^0 said public key data to said data processing ap- 

paratus and 

said data processing apparatus verifies the le- 
gitimacy of said signature data using public key 
data stored in said distributed public key certif- 
^5 Icate data. 

182.A data providing system as set forth in claim 162, 
wherein said data distribution apparatus performs 
mutual certification with said data processing appa- 
^0 ratus, encrypts said module using session key data 
obtained by said mutual certification, and sends the 
encrypted second module to said data processing 
apparatus. 

25 183.A data providing system as set forth in claim 182, 
wherein said data distribution apparatus. produces 
a storage medium recording said module. 

184.A data providing system as set forth in claim 162, 
30 wherein said data processing apparatus deter- 
mines at least one of a purchase form and a usage 
form of said content data based on said usage con- 
trol policy data. 

35 185.A data providing system as set forth in claim 162, 
wherein said data processing apparatus outputs 
said encrypted content key data and said encrypted 
content data to a decryption device. 

40 186.A data providing system as set forth in claim 162, 
wherein 

said data processing apparatus determines at 
least one of the purchase form and the usage 
fomn of the distributed content data based on 
the usage control policy data and sends log da- 
ta showing the log of at least one of the pur- 
chase form and usage form decided to said 
management apparatus, and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus and data distribution appara- 
tus based on the received log data. 

187.A data providing system as set forth in claim 186, 



said data distribution apparatus distributes said 
module further storing public key certificate da- 55 
ta certifying the legitimacy of said public key da- 
ta to said data processing apparatus and 
said data processing apparatus verifies the le- 



128 



irwvtrv ^ca 



255 



EP1 132 828 A1 



256 



wherein said management apparatus performs said 
profit distribution processing in units of content da- 
ta. 

188. A data providing system as set forth in claim 162, 
wherein said data distribution apparatus distributes 
said second module storing price data showing a 
price of said content data to said data processing 
apparatus. 

189. A data providing system as set forth in claim 186, 
wherein said management apparatus registers said 
price data received from said data distribution ap- 
paratus. 

190. A data providing system as set forth in claim 162, 
wherein said data processing apparatus comprises 
a module giving resistance to outside monitoring 
and tampering of the processing content, predeter- 
mined data stored in an internal memory, and data 
being processed. 

191 .A data providing system as set forth in claim 162, 
wherein 

when said first module and said second module 
store a plurality of content files and a plurality 
of key files corresponding to the plurality of con- 
tent files, 

said first module and said second module fur- 
ther include data showing the correspondence 
of the plurality of content files and the corre- 
sponding key files. 

192. A data providing system as set forth in claim 162, 
wherein 

said data providing apparatus distributes a 
module storing a plurality of said content files 
and a plurality of key files corresponding to the 
plurality of content files to said data processing 
apparatus and 

said content files include directory structure da- 
ta showing the relationship among the plurality 
of content files and the relationship with said 
key files. 

193. A data providing system as set forth in claim 162, 
wherein said data providing apparatus further com- 
prises a memory circuit for storing said module. 

194. A data providing system as set forth in claim 193, 
wherein said data providing apparatus manages 
said module based on a content identifier uniquely 
allocated to said content data. 

195. A data providing system as set forth in claim 194, 
wherein said management apparatus prepares said 



key file further storing said content identifier. 

196.A data providing system as set forth in claim 1 94, 
wherein said content identifier Is determined 
5 uniquely in said content data stored by said data 
providing apparatus in said memory circuit. 
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197. A data providing system as set forth in claim 194, 
wherein said content identifier is determined 
uniquely globally. 

198. A data providing system as set forth in claim 194, 
wherein said data providing apparatus produces 
said content identifier 

199. A data providing system as set forth in claim 194, 
wherein said data providing apparatus further com- 
prises a memory circuit for storing said module. 

200. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing a content file containing the 
content data encrypted by using said content 
key data and a key file received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

said data distribution apparatus distributes a 
second module storing said provided content 
file to said data processing apparatus by using 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or recording the same on 
a storage medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta stored In said distributed second module 
based on the related decrypted usage control 
policy data. 

201 .A data providing system for providing content data 
from a data providing apparatus to a first data dis- 
tribution apparatus and a second data distribution 
apparatus, distributing the content data from said 
first data distribution apparatus and said second da- 
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ta distribution apparatus to a data processing appa- 
ratus, and managing said data providing apparatus, 
said first data distribution apparatus, said secx)nd 
data distribution apparatus, and said data process- 
ing apparatus by a management apparatus, where- 
in 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing a content file storing the content 
data encrypted by using said content key data 
and said key file received from said manage- 
ment apparatus to said first data distribution ap- 
paratus and said second data distribution ap- 
paratus, 

said first data distribution apparatus distributes 
a second module storing said provided content 
file and said key file to said data processing ap- 
paratus, 

said second data distribution apparatus distrib- 
utes a third module storing said provided con- 
tent file and said key file to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and said third module and detennines the han- 
dling of said content data based on the related 
decrypted usage control policy data. 

202. A data providing system as set forth in claim 201, 
wherein 

said first data distribution apparatus distributes 
said second module storing first price data 
showing a price of said content data to said data 
processing apparatus and 
said second data distribution apparatus distrib- 
utes said third module storing second price da- 
ta showing a price of content data to said data 
processing apparatus. 

203. A data providing system for providing first content 
data from a first data providing apparatus to a data 
distribution apparatus, providing second content 
data from a second data providing apparatus to the 
data distribution apparatus, distributing the content 
data from said data distribution apparatus to a data 
processing apparatus, and managing said first data 
providing apparatus, said second data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a first 
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key file storing an encr/pted first content key 
data and an encrypted first usage control policy 
data indicating the handling of said first content 
data and a second key file storing an encrypted 
second content key data and an encrypted sec- 
ond usage control policy data indicating the 
handling of said second content data, 
said first data providing apparatus provides a 
first module storing a first content file storing 
said first content data,encrypted by using said 
first content key data and said first key file re- 
ceived from said management apparatus to 
said data distribution apparatus, 
said second data providing apparatus provides 
a second module storing a second content file 
storing said second content data encrypted by 
using said second content key data and said 
second key file received from said manage- 
ment apparatus to said data distribution appa- 
ratus, 

said data distribution apparatus distributes a 
third module storing said provided first content 
file, said first key file, said second content file, 
and said second key file to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
first content key data, said second content key 
data, said first usage control policy data, and 
said second usage control policy data stored In 
said distributed third module, determines the 
handling of said first content data based on the 
related decrypted first usage control policy da- 
ta, and determines the handling of said second 
content data based on the related decrypted 
seconc usage control policy data. 

204. A data providing system as set forth in claim 203, 
wherein said data distribution apparatus distributes 
said third module further storing first price data 
showing a price of said first content data and sec- 
ond price data showing a price of said second con- 
tent data to said data processing apparatus. 

205. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes a content file storing the content data 
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encrypted by using said content key data and 
said key file received from said management 
apparatus to said data distribution apparatus, 
said data distribution apparatus individually 
distributes said distributed content file and said 
key file to said data processing apparatus by 
using a predetermined communication protocol 
but in a format not depending upon the related 
communication protocol or by recording the 
same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
temnines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

206. A data providing system as set forth in claim 205, 
wherein said content file and said key file include 
data for clearing indicating their mutual correspond- 



207. A data providing system for providing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus distributes a con- 
tent file storing the content data encrypted by 
using said content key data to said data distri- 
bution apparatus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a fomnat not depending 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
temnines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

208. A data providing system as set forth in claim 207, 
wherein said content file and said key file include 
data for clearing indicating their mutual correspond- 
ence. 

209. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
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tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing the content data encrypted by 
using said content key data and said key file 
received from said management apparatus to 
said data distribution apparatus, 
said data distribution apparatus distributes a 
second module storing said provided content 
data and said key file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

210.A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
distribution apparatus, 

said data distribution apparatus individually 
distributes said distributed content data and 
said key file to said data distribution apparatus 
by using a predetermined communication pro- 
tocol but in a fomnat not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said . 
content key data and said usage control policy 
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data stored in said distributed key fiie and de- 
termines the handling of said distributed con- 
tent data based on the related decrypted usage 
control policy data. 

5 

211 .A data providing system for providing content data 
from a data providing apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein io 



212.A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 



related communication protocol or recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
distributed content key data and said usage 
control policy data and detemnines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

21 3 data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus provides encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 
content data to said data processing apparatus, 
said data providing apparatus provides the con- 
tent data encrypted by using said content key 
data to said data distribution apparatus, 
said data distribution apparatus distributes said 
distributed provided content data to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
distributed content key data and said usage 
control policy data and detemnines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

2147^ data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 



said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data Indicating the 
handling of said content data and distributes 15 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus distributes the 
content data encrypted by using said content 
key data to said data distribution apparatus, 20 
said data distribution apparatus distributes said 
provided content data to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or by 25 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
temnines the handling of said distributed con- 30 
tent data based on the related decrypted usage 
control policy data. 



said management apparatus provides encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 45 
content data to said data providing apparatus, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 50 
policy data received from said management ap- 
paratus to said data distribution apparatus, 
said data distribution apparatus distributes said 
distributed content data, said encrypted con- 
tent key data, and said encrypted usage control 55 
policy data to said data distribution apparatus 
by using a predetermined communication pro- 
tocol but in a format not depending upon the 



said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file and said key file to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
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provided content file and said key file to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 5 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
tenninesthe liandlingof the content data stored 10 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

215. A data providing system as set forth in claim 214, 
wherein ^5 

said management apparatus produces a first 
module storing said content file and said key 
file and provides the first module to said data 
distribution apparatus and 
said data distribution apparatus produces a 
second file storing said content file and said key 
file stored in said first module and distributes 
the second module to said data providing ap- 
paratus. 25 

216. A data providing system as set forth in claim 214, 
wherein said management apparatus 

comprises at least one database among a da- 30 
tabase for storing and managing said content 
file, a database for storing and managing said 
key file, and a database for storing and manag- 
ing said usage control policy data and 
centrally manages at least one among said 35 
content file, said key file, and said usage control 
policy data by using a content identifier unique- 
ly allocated to said content data. 

217. A data providing system as set forth in claim 214, 40 
wherein said data providing apparatus provides 
said content key data and said usage control policy 
data to said management apparatus. 

21 8. A data providing system comprising a data provid- 45 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 55 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
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content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file to said data distribution apparatus and pro- 
vides said key file to said data processing ap- 
paratus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or re- 
cording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

219.A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 
policy data Indicating the handling of said con- 
tent data, and provides said content file provid- 
ed from said data providing apparatus and said 
prepared key file to said data distribution appa- 
ratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus by using a predeter- 
mined communication protocol but In a format 
not depending upon the related communication 
protocol or by recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

220JK data providing system as set forth in claim 219, 
wherein 

said management apparatus produces a first 
module storing said content file and said key 
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file and provides the first module to said data 
distribution apparatus and 
said data distribution apparatus produces a 
second f iie storing said content file and said key 
file stored in said first module and distributes 5 
the second nnodule to said data providing ap- 
paratus. 

221 .A data providing system as set forth in claim 219. 
wherein said management apparatus io 

comprises at least one database among a da- 
tabase for storing and managing said content 
file, a database for storing and managing said 
key file, and a database for storing and manag- '5 
ing said usage control policy data and 
centrally manages at least one among said 
contentfile, said key file, and said usage control 
policy data by using a content identifier unique- 
ly allocated to said content data. 20 

222. A data providing system as set forth in claim 219, 
wherein said data providing apparatus provides 
said content key data and said usage control policy 
data to said management apparatus. 25 

223. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 30 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 40 
policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus to said data 
distribution apparatus, and provides said pre- 
pared key file to said data processing appara- 45 
tus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a fonnat not depending so 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 55 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 



224 A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file and a key file provided from said manage- 
ment apparatus in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data pro- 
viding apparatus, 

said data distribution apparatus distributes said 
content file and key file obtained from said da- 
tabase device to said data processing appara- 
tus by using a predetermined communication 
protocol butin aformat not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 



225^ data providing system as set forth in claim 224, 
wherein said database device centrally manages 
said stored content file and key file using a content 
35 identifier uniquely allocated to said content data. 

226A data providing system as set forth in claim 224, 
wherein said management apparatus 



comprises at least one database among a da- 
tabase for storing and managing said key file 
and a database for storing and managing said 
usage control policy data and 
centrally manages at least one among said key 
file and said usage control policy data by using 
a content identifier uniquely allocated to said 
content data. 

227 data providing system as set forth in claim 224, 
wherein said data providing apparatus provides 
said content key data and said usage control policy 
data to said management apparatus. 

228 data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 
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said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said nrianagement apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data pro- 
viding apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
and the key file provided fronn said data distri- 
bution apparatus to said data processing appa- 
ratus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

229. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 



said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data 
processing apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
to said data processing apparatus by using a 
predetemnined communication protocol but in 
a format not depending upon the related com- 
munication protocol or recording the same on 
a storage medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of said content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

230.A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 



paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files and key files provided from corre- 
sponding management apparatuses in said da- 
tabase device, 

said management apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to corresponding data pro- 
viding apparatuses, 

said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus by using a predetermined communication 
protocol but in afomnat not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
tennines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

231 A data providing system as set forth in claim 230, 
35 wherein said database device centrally manages 
said stored content files and key files using content 
identifiers uniquely allocated to said content data. 

232 A data providing system as set forth iri claim 230, 
40 wherein said management apparatuses 

comprise at least one database among a data- 
base for storing and managing said key files 
and a database for storing and managing said 
45 usage control policy data and 

centrally manage at least one among said key 
files and said usage control policy data by using 
content identifiers uniquely allocated to said 
content data provided by said data providing 
50 apparatuses in said corresponding data provid- 

ing apparatuses. 

233. A data providing system as set forth in claim 230, 
wherein said data providing apparatuses provide 

55 said content key data and said usage control policy 
data to said management apparatuses. 

234. A data providing system comprising a plurality of 
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data providing apparatuses, a data distribution ap- 
paratus, a plurality of managennent apparatuses, a 
database device, and a data processing apparatus, 
wherein 

5 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, io 
said nnanagement apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data is 
providing apparatuses and provide the related 
prepared key files to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 20 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus by using a predetennined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or re- 25 
cording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
temnines the handling of said content data 30 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

235.A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 35 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 40 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare key 45 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related so 
prepared key files to said data processing ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus by using 55 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or recording the same on 



a storage medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files and key files received from the related 
management apparatuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, prepare key files 
storing said encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data forthe content da- 
ta provided by corresponding data providing 
apparatuses, and send said prepared content 
files and said prepared key files to correspond- 
ing data providing apparatuses, 
said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus by using a predetermined commun ication 
protocol but in a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

237 A data providing system as set forth in claim 236, 
wherein said database device centrally manages 
said stored content files and key files using content 
identifiers uniquely allocated to said content data. 

23BA data providing system as set forth in claim 236, 
wherein said management apparatuses 

comprise at least one database among a data- 
base for storing and managing said key files 
and a database for storing and managing said 
usage control policy data and 
centrally manage at least one among said key 
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files and said usage control policy data by using 
content identifiers uniquely allocated to said 
content data provided by said data providing 
apparatuses in said corresponding data provid- 
ing apparatuses. 

239. A data providing system as set forth in claim 236, 
wherein said data providing apparatuses provide 
said content key data and said usage control policy 
data to said management apparatuses. 

240. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared content files to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send the related prepared key files provid- 
ed from said management apparatuses to cor- 
responding data distribution apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and key files provided from said manage- 
ment apparatuses to said data processing ap- 
paratus by using a predetermined communica- 
tion protocol but in a format not depending upon 
the related communication protocol or by re- 
cording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

241 .A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 



ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared contentfiles to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send the related prepared key files to said 
data processing apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus by using 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said provided content files based on 
the related decrypted usage control policy data. 

242.A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, and a 
data processing apparatus, wherein 

said data providing apparatus provides a first 
module storing content data encrypted by using 
content key data, said encrypted content key 
data, and encrypted usage control policy data 
indicating the handling of said content data to 
said data distribution apparatus, performs 
charge processing in units of the content data 
based on log data received from said data 
processing apparatus, and performs a profit 
distribution processing for distributing the profit 
paid by interested parties of said data process- 
ing apparatus to interested parties of the relat- 
ed data providing apparatus and interested par- 
ties of said data distribution apparatus^ 
said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data, and usage control policy 
data stored in said provided first module to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or by recording the same on a storage 
medium, and 
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said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module, deter- 
nnines the handling of said content data based 
on the related decrypted usage control policy 
data, prepares the log data for the handling of 
the related content data, and sends the related 
log data to said data providing apparatus. 

243. A data providing system as set forth in claim 242, 
wherein 

said data processing apparatus sends data dis- 
tribution use apparatus use log data relating to 
the distribution service of the content data per- 
fonned by the data distribution apparatus to 
said data distribution apparatus and 
said data distribution apparatus perfomns 
charge processing based on that data distribu- 
tion apparatus use log data. 

244. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, and a 
management apparatus, wherein 



in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing said prepared key file from said 
management apparatus to said data providing 
apparatus, and 

distributing a module storing a content file stor- 
ing the content data encrypted by using said 
content key data and said key file distributed 
from said management apparatus from said da- 
ta providing apparatus to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or re- 
cording the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and detemiining the handling of said content 
data based on the related decrypted usage 
control policy data. 

247^ data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, distributing a 
module storing a content file containing the 
content data encrypted by using said content 
key data and a key file received from said man- 
agement apparatus to said data processing ap- 
paratus by using a predetermined communica- 
tion protocol but in a format not depending upon 



said data providing apparatus provides content 
data, 

said data distribution apparatus distributes said 
content file provided from said data providing 
apparatus or a content file in accordance with so 
the content data provided by said data provid- 
ing apparatus provided from said management 
apparatus to said data processing apparatus, 
and 

said data processing apparatus decrypts the 35 
usage control policy data stored in a key file re- 
ceived from said data distribution apparatus or 
said management apparatus, detemnines the 
handling of said content data stored in the con- 
tent file received from said data distribution ap- 40 
paratus or said management apparatus based 
on the related decrypted usage control policy 
data, and further distributes said content file 
and key file received from said data distribution 
apparatus or said management apparatus to 45 
the other data processing apparatus. 

245.A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus, comprising the steps of so 

distributing a module storing the content data 
encrypted by using content key data, said en- 
crypted content key data, and encrypted usage 
control policy data indicating the handling of 55 
said content data from said data providing ap- 
paratus to said data processing apparatus by 
using a predetermined communication protocol 



but in a format not depending upon the related 
communication protocol or recording the same 
on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and detemnining the handling of said content 
data based on the related decrypted usage 
control policy data. 

10 

246 JK data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro: 
viding apparatus and said data processing appara- 
^5 tus by a management apparatus, comprising the 
steps of. 
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the related communication protocol or record- 
ing the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and determining the handling of said content 
data based on the related decrypted usage 
control policy data. 

248. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing the related prepared key file from 
said management apparatus to said data pro- 
viding apparatus, and 

individually distributing a content file storing the 
content data encrypted by using said content 
key data and said key file distributed from said 
management apparatus from said data provid- 
ing apparatus to said data processing appara- 
tus by using a predetermined communication 
protocol but in a fomnat not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

249. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 



not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting 
5 said content key data and said usage control 

policy data stored in said distributed key file and 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

10 

250.A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
>5 tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 

20 encrypted usage control policy data indicating 

the handling of said content data, 
in said data providing apparatus, distributing a 
module storing the content data encrypted by 
using said content key data and said key file 

25 received from said management apparatus to 

said data processing apparatus by using a pre- 
determined communication protocol but in a 
format not depending upon the related commu- 
nication protocol or recording the same on a 

30 storage medium, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and determining the handling of said content 

35 data based on the related decrypted usage 

control policy data. 

251 .A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
^0 processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

45 in said management apparatus, preparing a 

key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting 



in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 50 
distributing the related prepared key file from 
said management apparatus to said data 
processing apparatus, and 
distributing a content file storing the content da- 
ta encrypted by using said content key data 55 
from said data providing apparatus to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
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said content key data and said usage control 
policy data stored in said distributed keyfiieand 
determining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 5 

252. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- io 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and distribut- 
ing the related prepared key file to said data 
processing apparatus, in said data providing 
apparatus, 

distributing the content data encrypted by using 
said content key data to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or re- 
cording the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed keyfiieand 
determining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 

253. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

In said management apparatus, preparing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data, 

In said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and, said encrypted con- 
tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data processing apparatus by 
using a predetermined communication protocol 
but in a format not depending upon the related 
communication protocol or recording the same 
on a storage medium, and 

in said data processing apparatus, decrypting 55 
said distributed content key data and said us- 
age control policy data and determining the 
handling of the content data stored in said dis- 
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tributed content file based on the related de- 
crypted usage control policy data. 

254^ data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of. 

In said management apparatus, preparing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data and distributing the same to 
said data processing apparatus, 
in said data providing apparatus, distributing 
the content data encrypted by using said con- 
tent key data to said data processing apparatus 
by using a predetermined communication pro- 
tocol but in a format not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and determining tlie 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

255 JK data providing method using a data providing ap- 
paratus, a data distribution apparatus, and a data 
processing apparatus, comprising the steps of 

providing a first module storing content data en- 
crypted by using content key data, encrypted 
said content key data, and encrypted usage 
control policy data indicating the handling of 
said content data from said data providing ap- 
paratus to said data distribution apparatus, 
distributing a second module storing said en- 
crypted content data, content key data, and the 
usage control policy data stored in said provid- 
ed said first module from said data distribution 
apparatus to said data processing apparatus by 
using said content key data to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a forniat 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and detemnining the handling of said 
content data based on the related decrypted 
usage control policy data. 

256.A data providing method for providing content data 
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from a data providing apparatus to a data d.stnbu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of. 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing the related prepared key file from 
said management apparatus to said data pro- 
viding apparatus, 
providing a first module storing a content file 
storing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus from said da- 
ta providing apparatus to said data distribution 20 

apparatus, and 

distributing a second module storing said pro- 
vided content file and said key file from said da- 
ta distribution apparatus to said data process- 
ing apparatus by using a predetemiined com- 
munication protocol but in aformat not depend- 
ing upon the related communication protocol or 
recording the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and determining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 

257 A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, providing a 
first module storing a content file containing the 
content data encrypted by using said content 
key data and a key file received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

in said data distribution apparatus, distributing 
a second module storing said provided content 
file to said data processing apparatus by using 



25 



30 



35 



280 

a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or recording the same on 
a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in. said distributed second 
module and detem^ining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 

258 A data providing method for Pr°^'*<l"'"9 =°nt«"\data 
from a data providing apparatus to a data dist bu^ 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said, data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of. 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing said prepared key file from said 
management apparatus to said data providing 
apparatus, 

individually providing a content file storing the 
content data encrypted by using said content 
key data and said key file received from said 
management apparatus from said data provid- 
ing apparatus to said data distribution appara- 
tus by using a predetemiined communication 
protocol but in afomiat not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
individually distributing said distributed content 
file and said key file from said data distribution 
apparatus to said data distribution apparatus, 

fn^said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usagecontrol policy data. 

259 A data providing method for providing content data 
■from a data providing apparatus to a data distrtou- 
tion apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, comprising the steps of. 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data. 
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distributing the related prepared key file from 
said management apparatus to said data 
processing apparatus, 

providing a content file storing the content data 
encrypted by using said content key data from 
said data providing apparatus to said data dis- 
tribution apparatus, 

distributing said provided content file from said 
data distribution apparatus to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a fomnat 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored In said distributed key file and 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

260.A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, providing a 
first module storing the content data encrypted 
by using said content key data and said key file 
received from said management apparatus to 
said data distribution apparatus, 
in said data distribution apparatus, distributing 
a second module storing said provided content 
data and said key file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a fomnat not depending 
upon the related communication protocol or re- 
cording the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and detemnining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 

261 .A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 



ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

5 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, individually 
providing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
distribution apparatus, 

in said data distribution apparatus, individually 
distributing said distributed content data and 
said key file to said data distribution apparatus 
by using a predetermined communication pro- 
tocol but in a fonmat not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
detemnining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 

262^ data providing method for distributing content da- 
30 ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

35 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and distribut- 
ing the related prepared key file to said data 
processing apparatus, in said data providing 
apparatus, 

providing the content data encrypted by using 
said content key data to said data distribution 
apparatus, 

in said data distribution apparatus, distributing 
said provided content data to said data 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
detemnining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 

55 

263^ data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
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said data distribution apparatus to a data process- 
ing apparatus, and nnanaging said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, providing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data to said data providing appa- 
ratus, 

in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data distribution apparatus, 
in said data distribution apparatus, individually 
distributing said distributed content data, said 
encrypted content key, data, and said encrypt- 
ed usage control policy data to said data distri- 
bution apparatus by using a predetermined 
communication protocol but in a fomnat not de- 
pending upon the related communication pro- 
tocol or recording the same on a storage medi- 
um, and 

in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and determining the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

264.A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, distributing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data to said data processing ap- 
paratus, 

in said data providing apparatus, providing the 
content data encrypted by using said content 
key data to said data distribution apparatus, 
in said data distribution apparatus, distributing 
said provided content data to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol by recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting 



said distributed content key data and said us- 
age control policy data and detemnining the 
handling of said distributed content data based 
on the related decrypted usage control policy 
5 data. 

265.A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
10 wherein 



said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file and said key file to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or by recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 
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266 A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
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file to said data distribution apparatus and pro- 
vides said key file to said data processing ap- 
paratus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus by using a predetermined comnnuni- 
cation protocol but in a fomnat not depending 
upon the related connmunication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of said content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

267. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, and provides said content file provid- 
ed from said data providing apparatus and said 
prepared key file to said data distribution appa- 
ratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a fonnat 
not depending upon the related communication 
protocol or by recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
temninesthe handling of thecontent data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

268. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus. 



said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file, storing said encrypted 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus to said data 
distribution apparatus and provides said pre- 
pared key file to said data processing appara- 
tus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus by using a predetemnined communi- 
cation protocol but in a fonnat not depending 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

25 data providing method using a data providing ap- 

paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file and a key file provided from said manage- 
ment apparatus in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data pro- 
viding apparatus, 

said data distribution apparatus distributes said 
content file and key file obtained from said da- 
tabase device to said data processing appara- 
tus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

270 A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
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processing apparatus, wherein 



said data providing apparatus encrypts content 
data by using content l<ey data, prepares a con- 
tent file storing the related encrypted content 
data, and stores tine related prepared content 
file in said database device, 
said managennent apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data distri- 
bution apparatus, 

said data distribution apparatus distributes said 
content file obtained fronn said database device 
and the key file provided fronn said data distri- 
bution apparatus to said data processing appa- 
ratus by using a predetermined connmunication 
protocol but In a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

271 - A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data 
processing apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
to said data processing apparatus by using a 
predetennined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of said content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 
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272 A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files and key files provided from corre- 
sponding management apparatuses in said da- 
tabase device, 

said management apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to corresponding data pro- 
viding apparatuses, 

said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus by using a predetermined communication 
protocol but in a f omnat not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 
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273.A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
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apparatus by using a predetermined comnnuni- 
cation protocol but in a fonnat not depending 
upon the related cx>nnnnunication protocol or by 
recording the sanne on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

274. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to said data processing ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus by using 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

275. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files and key files received from the related 
management apparatuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 



key data, prepare content files storing the relat- 
ed encrypted content data, prepare key files 
storing said encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data for the content da- 
ta provided by corresponding data providing 
apparatuses, and send said prepared content 
files and said prepared key files to correspond- 
ing data providing apparatuses, 
said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

276A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared contentfiles to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send the related prepared key files to cor- 
responding data distribution apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
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termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

277. A data providing nnethod using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared content files to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and provide the related prepared key files to 
said data processing apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus by using 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

278. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, and a data 
processing apparatus, wherein 

said data providing apparatus provides a first 
module storing content data encrypted by using 
content key data, said encrypted content key 
data, and encrypted usage control policy data 
indicating the handling of said content data to 
said data distribution apparatus, perfomns 
charge processing in units of the content data 
based on log data received from said data 
processing apparatus, performs profit distribu- 
tion processing for distributing the profit paid by 
interested parties of said data processing ap- 
paratus to interested parties of the related data 
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providing apparatus and interested parties of 
said data distribution apparatus, 
said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data and usage control policy 
data stored in said provided first module to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a fomnat 
not depending upon the related commun ication 
protocol or by recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module, deter- 
mines the handling of said content data based 
on the related decrypted usage control policy 
data, prepares the log data for the handling of 
the related content data and sends the related 
log data to said data providing apparatus. 

279 7^ data providing method using a data providing ap- 
paratus, a data distribution apparatus, a data 
processing apparatus, and a management appara- 
tus, wherein 

said data providing apparatus provides content 
data, 

said data distribution apparatus distributes said 
content file provided from said data providing 
apparatus or a content file in accordance with 
the content data provided by said data provid- 
ing apparatus received from said management 
apparatus to said data processing apparatus, 
and 

said data processing apparatus decrypts the 
usage control policy data stored in the key file 
received from said data distribution apparatus 
or said management apparatus, detemnines 
the handling of said content data stored in the 
content file received from said data distribution 
apparatus or said management apparatus 
based on the related decrypted usage control 
policy data, and further distributes said content 
file and key file received from said data distri- 
bution apparatus or said management appara- 
tus to the other data processing apparatus. 



280 .A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
50 processing apparatus, wherein 

said data providing apparatus distributes a 
module storing content data encrypted by using 
content key data, said encrypted content key 
55 data, and encrypted usage control policy data 

indicating the handling of said content data in 
a fomnat not depending upon at least one 
among existence of a compression of said con- 
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tent data, a compression method, a method of 
said encryption, and parameters of a signal giv- 
ing the content data to said data processing ap- 
paratus by using a predetennined communica- 
tion protocol but in a format not depending upon 
the related communication protocol or by re- 
cording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decrypted usage control 
policy data. 

281 .A data providing system as set forth in claim 280, 
wherein 

said data providing apparatus distributes said 
module further storing a certification data of itself in 
a format not depending upon the method of produc- 
ing said certification data. 

282. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, and a 
data processing apparatus, wherein 

said data providing apparatus distributes a first 
module storing content data encrypted by using 
content key data, said encrypted content key 
data, and encrypted usage control policy data 
indicating the handling of said content data In 
a format not depending upon at least one 
among existence of compression of said con- 
tent data, a compression method, a method of 
said encryption, and parameters of a signal giv- 
ing the content data to said data distribution ap- 
paratus, 

said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data, and the usage control 
policy data stored in said provided first module 
to said data processing apparatus by using a 
predetennined communication protocol but in 
a fomnat not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and detemnines the handling of said content da- 
ta based on the related decrypted usage control 
policy data. 

283. A data providing system as set forth in claim 282, 
wherein said data providing apparatus provides 
said first module further storing its own signature 
data in a format not depending upon the method 
preparation of the signature data to said data distri- 
bution apparatus. 



2B4A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, and a 
data processing apparatus, wherein 

said data providing apparatus distributes a first 
module storing content data encrypted by using 
content key data, said encrypted content key 
data, and encrypted usage control policy data 
indicating the handling of said content data to 
said data distribution apparatus, 
said data distribution apparatus encrypts a plu- 
rality of second modules storing said encrypted 
content data, content key data, and the usage 
control policy data stored in said provided first 
module by using a common key obtained by 
mutual certification with said data processing 
apparatus, and then distributes the same to 
said data processing apparatus by using a pre- 
determined communication protocol but in a 
format not depending upon the related commu- 
nication protocol, and 

said data processing apparatus comprises a 
first processing circuit for decrypting said dis- 
tributed plurality of second modules by using 
said common key, selecting a single or a plu- 
rality of second modules from among the relat- 
ed decrypted plurality of second modules, and 
performing charge processing with respect to a 
distribution service of said second modules and 
a tamper resistant second processing circuit rer 
ceiving said selected said second modules, de- 
crypting said content key data and said usage 
control policy data stored in the related second 
modules, and detennining the handling of said 
content data based on the related decrypted 
usage control policy data. 

285A data providing system as set forth in claim 284, 
wherein 

said first processing circuit produces data dis- 
tribution use apparatus use log data relating to 
the distribution service of the second module 
performed by the data distribution apparatus to 
said data distribution apparatus and 
said data distribution apparatus performs 
charge processing based on that data distribu- 
tion apparatus use log data. 

286J^ data providing system as set forth in claim 284, 

further comprising a management apparatus 
for managing said data providing apparatus, 
said data distribution apparatus, and said data 
processing apparatus, wherein 
said second processing circuit determines the 
handling of said content data, prepares usage 
log data in accordance with the detemriination, 
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and sends the usage log data to said nnanage- 
nnent apparatus, and 

said managennent apparatus perfornns profit 
distribution processing for distributing the profit 
relating to the content data paid by an interest- s 
ed party of the data processing apparatus 
based on the usage log data to interested par- 
ties of the data providing apparatus and the da- 
ta distribution apparatus based on the usage 
leg data. fo 
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FIG. 13 
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